[systemd-devel] Supporting properties(configurations) system

Kyungmin Park kmpark at infradead.org
Tue Mar 8 00:02:45 UTC 2016 

On Mon, Mar 7, 2016 at 9:14 PM, Simon McVittie
<simon.mcvittie at collabora.co.uk> wrote:
> On 07/03/16 02:46, WaLyong Cho wrote:
>> As you may know, Android has properties.
>> http://developer.android.com/reference/java/util/Properties.html
>>
>> In the desktop side, it maybe similar with configuration system such
>> like gconf.
>
> gconf and its more modern replacement dconf are for per-user settings.
> If that's what you want, I would suggest dconf - or preferably a
> framework like GLib's GSettings or Qt's QSettings, which just provides a
> data model and can support multiple backends (dconf, restricted views of
> dconf proxied into an app container, flat file, Windows
> HKEY_CURRENT_USER registry, etc).

The 'per-user' is not fit for our case (mobile environment). our apps
has same UID. IOW. one app can use another app configuration if it
uses it as is. It must be prohibited.

>
> Per-user settings like dconf and HKEY_CURRENT_USER should not be
> confused with per-system settings, like Windows' HKEY_LOCAL_MACHINE
> registry. On Unix systems, per-system settings are usually stored in
> plain files in /etc, like the ones in /etc/systemd/system/ that
> configure systemd.
another consideration is directory policy. /etc is read mostly but in
our case it's read-only at system partition.
IOW it can't be changed. see recent movement for security, verified
boot based on dm-verity. IOW. it can't write anything at /etc if it's
configured at system partition. that's reason to need configuration or
property daemon and control these requirements, DAC & MAC control at
there.



>
>> I hope the configurations are supporting write protected(ro) and
>> writable(rw). To control this, I think new daemon will be needed and the
>> daemon has to be activated before the clients(user of the configuration
>> system).
>
> Depending on your exact requirements, it might be a better fit to use
> plain files, inotify and no daemon. Normal Unix DAC permissions, or
> LSMs' MAC policies, can provide read-only and read/write.

even though it's written read-only. actually it's write-once at boot
time and read-only after that.

probably it's not enough to describe our requirement. but we need both
DAC and MAC controlled configuration for mobile environment. we
checked gconf/dconf but it need small and central configuration
systems for both per-user (exactly each app even though it's same UID)
and system-wide.

Thank you,
Kyungmin Park
>
> --
> Simon McVittie
> Collabora Ltd. <http://www.collabora.com/>
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel

More information about the systemd-devel mailing list