[Openicc] GSoC 2013 preparations
Kai-Uwe Behrmann
ku.b at gmx.de
Tue Mar 19 15:06:49 PDT 2013
Am 19.03.2013 11:14, schrieb Richard Hughes:
> On 19 March 2013 09:34, Kai-Uwe Behrmann <ku.b at gmx.de> wrote:
>> As daemon yes. But they can write system wide settings. E.g. Argyll has
>> /etc/xdg/color.jcnf for that.
>
> How does Argyll write to a root:root directory without being setuid?
ACL or sudo
>>> * If Oyranos writes to the user ~/.config/color/settings/ how is
>>> colord supposed to know that settings have changed?
>> There are no file I/O API's for that? When I copy files with UNIX cp, they
>> are instandly seen by GUI file browsers.
>
> It's called inotify, and doesn't work if the process setting the watch
> does not have read permission on the target. As a general permissions
> issue, daemons are not allowed access to files in /home, and with
> SELinux are actively blocked from doing so.
Looks like one more disadvantage for a system daemon. But colord does
cleverly leak personal ICC configurations to the outside. So the user
gives that "freely" away without even being asked.
kind regards
Kai-Uwe
More information about the openicc
mailing list