[SMACK-discuss] Providing shared buffer for applications within Smack environment

Casey Schaufler casey at schaufler-ca.com
Tue Dec 12 15:56:02 UTC 2017


On 12/12/2017 2:07 AM, José Bollo wrote:
> Hi all,
>
> While working for AGL [1], I want to allow applications to receive the
> buffers allocated by WESTON. The use of the surfaces/buffers
> allocated by Weston is difficult when Smack is activated.
>
> When these buffers are created, they are tagged with the smack security
> label that depends on the security label of the service WESTON and of
> the security label of the directory XDG_RUNTIME_DIR when Smack
> transmutation allows it (see [2]).
>
> For the sake of keeping things simple, I wanted to just tune how the
> buffers are created. But I had to reach the issue that XDG_RUNTIME_DIR
> is also used for socket end point and for lock, leading to a
> opposition of requirements on the objects created in XDG_RUNTIME_DIR:
> some of them are for sharing and some other have to be under control.
>
> To achieve my goal I introduced a new environment variable intended for
> sharing objects. This drives to the patch below [3]. The variable is
> named XDG_RUNTIMESHARE_DIR here (but it can be changed because it is
> not XDG in fact +_o)
>
> I would really appreciate the feedbacks and ideas of fellow developers
> from here and there about what I did. Is it the right way to go? Can it
> be up-streamed? Is it a valuable proposal for XDG too?

What package is this being made to? WESTON?

>
> Best regards
> José Bollo
>
> [1] www.automotivelinux.org
> [2] https://www.kernel.org/doc/Documentation/security/Smack.txt
> [3] patch below:
> -----------------------------------------------------------------------
> diff --git a/shared/os-compatibility.c b/shared/os-compatibility.c
> index e19fb61b..7e93e818 100644
> --- a/shared/os-compatibility.c
> +++ b/shared/os-compatibility.c
> @@ -157,6 +157,7 @@ os_create_anonymous_file(off_t size)
>        int fd;
>        int ret;
>  
> +      if (!(path = getenv("XDG_RUNTIMESHARE_DIR")))
>        path = getenv("XDG_RUNTIME_DIR");
>        if (!path) {
>                errno = ENOENT;
> -----------------------------------------------------------------------
>
> _______________________________________________
> SMACK-discuss mailing list
> SMACK-discuss at lists.01.org
> https://lists.01.org/mailman/listinfo/smack-discuss



More information about the wayland-devel mailing list