How to let user defined in a container to access dbus systembus
Srinadh Penugonda
srinadh0 at yahoo.com
Sun Dec 12 03:32:13 UTC 2021
Hi
I have dbus policy for a service running on the host for root user.

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- Only root can own the bus -->
  <policy user="root">
    <allow own_prefix="org.myOrg.HostService"/>
  </policy>
  <!-- Allow user "root" to invoke methods on the bus -->
  <policy user="root">
    <allow send_destination="org.myOrg.HostService"/>
    <allow receive_sender="org.myOrg.HostService"/>
  </policy>
</busconfig>

I have a process running in another container that needs to use this service.
This process runs as a different user named frr. This user is created on and known only to this container.

root@sonic:~# docker exec -it myContainer bash
root@sonic:/# ps aux
USER  PID %CPU %MEM     VSZ   RSS TTY   STAT START TIME COMMAND
frr    79  0.0  0.1 1215272 20316 pts/0 Sl   Dec09 0:04 /usr/lib/frr/ze
frr    96  0.0  0.0   48348  8392 pts/0 S    Dec09 0:00 /usr/lib/frr/st

When these processes try to use dbus, they are not able to get the dbus conn

static DBus::Connection conn = DBus::Connection::SystemBus();

I tried adding user 'frr' to the policy but realized later that the host would not know about this user (after I continued to see the same problem).
How can I let users created in containers access it through a policy? Can I do it with a policy on the host, or is there any other way?
These processes have a limitation that they cannot be run as root.
~~ Thanks, Srinadh
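
Added example, not part of the original post: a small audit script that, run on the host, flags `<policy user="...">` entries naming an account the host cannot resolve, which is the situation described above for 'frr'. The function names and the second policy block in the sample are constructed for illustration; numeric ids are treated as resolvable because dbus-daemon(1) documents `user=` as "username or userid".

```python
import pwd
import xml.etree.ElementTree as ET

# Constructed sample: the poster's root policy plus the attempted 'frr' rule.
SAMPLE_POLICY = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow own_prefix="org.myOrg.HostService"/>
    <allow send_destination="org.myOrg.HostService"/>
  </policy>
  <policy user="frr">
    <allow send_destination="org.myOrg.HostService"/>
  </policy>
</busconfig>"""

def host_lookup(name):
    """Resolve a user name against the account database of this machine."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None

def audit_policy_users(xml_text, lookup=host_lookup):
    """Return (user, uid_or_None, allow_rules) for each <policy user=...>."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("policy"):
        user = policy.get("user")
        if user is None:  # context= and group= policies are out of scope here
            continue
        # A decimal value is a uid and needs no name lookup on the host.
        uid = int(user) if user.isdecimal() else lookup(user)
        rules = [dict(allow.attrib) for allow in policy.findall("allow")]
        findings.append((user, uid, rules))
    return findings

def unresolved_users(xml_text, lookup=host_lookup):
    """Names used in user= that the lookup cannot map to a uid."""
    return [u for u, uid, _ in audit_policy_users(xml_text, lookup) if uid is None]

if __name__ == "__main__":
    for user, uid, rules in audit_policy_users(SAMPLE_POLICY):
        status = f"uid {uid}" if uid is not None else "NOT KNOWN ON THIS HOST"
        print(f"policy user={user!r}: {status}, {len(rules)} allow rule(s)")
```

Pass a different `lookup` callable to check the same file against another account database, for example one built from the container's /etc/passwd.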