[SMACK-discuss] Providing shared buffer for applications within Smack environment

José Bollo jobol at nonadev.net
Tue Dec 12 16:54:46 UTC 2017


On Tue, 12 Dec 2017 07:56:02 -0800
Casey Schaufler <casey at schaufler-ca.com> wrote:

> On 12/12/2017 2:07 AM, José Bollo wrote:
> > Hi all,
> >
> > While working for AGL [1], I want to allow applications to receive
> > the buffers allocated by WESTON. The use of the surfaces/buffers
> > allocated by Weston is difficult when Smack is activated.
> >
> > When these buffers are created, they are tagged with the Smack
> > security label that depends on the security label of the service
> > WESTON and of the security label of the directory XDG_RUNTIME_DIR
> > when Smack transmutation allows it (see [2]).
> >
> > For the sake of keeping things simple, I wanted to just tune how the
> > buffers are created. But I had to reach the issue that
> > XDG_RUNTIME_DIR is also used for socket end point and for lock,
> > leading to an opposition of requirements on the objects created in
> > XDG_RUNTIME_DIR: some of them are for sharing and some others have
> > to be under control.
> >
> > To achieve my goal I introduced a new environment variable intended
> > for sharing objects. This drives to the patch below [3]. The
> > variable is named XDG_RUNTIMESHARE_DIR here (but it can be changed
> > because it is not XDG in fact +_o)
> >
> > I would really appreciate the feedback and ideas of fellow
> > developers from here and there about what I did. Is it the right
> > way to go? Can it be up-streamed? Is it a valuable proposal for XDG
> > too?  
> 
> What package is this being made to? WESTON?

Yes, it is a patch of weston (see [1]).

I have an interesting discussion on the subject on the wayland devlist
(see [2]).

Best regards
José

[1]
https://cgit.freedesktop.org/wayland/weston/tree/shared/os-compatibility.c#n151
[2]
https://lists.freedesktop.org/archives/wayland-devel/2017-December/thread.html

> 
> >
> > Best regards
> > José Bollo
> >
> > [1] www.automotivelinux.org
> > [2] https://www.kernel.org/doc/Documentation/security/Smack.txt
> > [3] patch below:
> > -----------------------------------------------------------------------
> > diff --git a/shared/os-compatibility.c b/shared/os-compatibility.c
> > index e19fb61b..7e93e818 100644
> > --- a/shared/os-compatibility.c
> > +++ b/shared/os-compatibility.c
> > @@ -157,6 +157,7 @@ os_create_anonymous_file(off_t size)
> >        int fd;
> >        int ret;
> >  
> > +      if (!(path = getenv("XDG_RUNTIMESHARE_DIR")))
> >        path = getenv("XDG_RUNTIME_DIR");
> >        if (!path) {
> >                errno = ENOENT;
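Review bot: the added `if (!(path = getenv("XDG_RUNTIMESHARE_DIR")))` has no braces, so the unchanged `path = getenv("XDG_RUNTIME_DIR");` line below it becomes the body of the `if` while keeping its old indentation. The fallback reads as an unconditional assignment and will trip misleading-indentation warnings. Please brace and indent the fallback, or assign first and test `if (!path)` on a separate line. The test also only checks for NULL, so a variable that is set but empty is used as the directory instead of falling back to XDG_RUNTIME_DIR. Since files created under this directory are the ones meant to be shared across Smack labels, the new variable and the ownership and label expected of the directory it names should be documented alongside the change.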
> > -----------------------------------------------------------------------
> >
> > _______________________________________________
> > SMACK-discuss mailing list
> > SMACK-discuss at lists.01.org
> > https://lists.01.org/mailman/listinfo/smack-discuss  
> 


