Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Will kdbus be optional? #8

Closed
zester opened this issue Dec 29, 2013 · 5 comments
Closed

Will kdbus be optional? #8

zester opened this issue Dec 29, 2013 · 5 comments

Comments

@zester
Copy link

zester commented Dec 29, 2013

Will kdbus be optional I can't have this running in the kernel on our systems.
@gregkh
Copy link
Owner

gregkh commented Dec 29, 2013

why can't you? What is odd about your systems that it would refuse upstream kernel changes like this?

@zester
Copy link
Author

zester commented Dec 29, 2013

We use our own IPC framework, that's specialized for security purposes. So will kdbus be optional?

@phomes
Copy link
Contributor

phomes commented Dec 29, 2013

For context read (or actually don't)
http://phoronix.com/forums/showthread.php?92695-KDBUS-amp-Systemd-Now-Yields-A-Working-System/page2

It is 20 pages of comments from "zester" like:
"There full of shit, and to prove it the following statement is laughable at best "It chose D-Bus because it is well-documented, well-understood" <-- That's why most people use ZeroMQ IPC/INPROC with Google Protobuf. Also kdbus was a student project that was rejected once before, it was then abandoned. This is all about Greg Kroah-Hartman and what he wants."

@zester
Copy link
Author

zester commented Dec 29, 2013

I just wan't to know if kdbus be optional? And I miss read one of gregs articals where he mentioned kbus, but I corrected my self. And apologized.

@gregkh
Copy link
Owner

gregkh commented Dec 29, 2013

@zester who is "we"? If you don't want to use kdbus, don't, no one is forcing you to at all. If/when it gets merged into the kernel tree, just disable it and you will be fine. Unless you rely on systemd, then you might wish to take a look at it and why it is being created (hint, see the linux.conf.au talk on it next month for all the details.)

@gregkh gregkh closed this as completed Dec 29, 2013
gregkh pushed a commit that referenced this issue Sep 11, 2014
@tixxdz @zonque
test: update policy tests to handle user namespaces
189626a 
Upstream kernels allow unprivileged users to create user namespaces
and change their uid/gid.

These patches update kdbus policy logic to handle this case and
improve our current checks across user namespaces.

So this patch adds:

* kdbus_test_waitpid() to get exit code of childs.
* kdbus_clone_userns_test() that performs the test inside a new
  user namespace.
* Converts all the other tests to return CHECK_OK, CHECK_SKIP or
  CHECK_ERR so we are consistent.

Currently we fail at kdbus_clone_userns_test() test #8. The next patch
will fix this issue.

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
gregkh pushed a commit that referenced this issue Sep 11, 2014
@tixxdz @zonque
policy: make policy checks work across user namespaces
e09aead 
Use the global kuid_t and kgid_t to store uid/gid values, this way we
our policy checks will work across user namespaces.

Note that currently we ignore that the user is privileged in its own
namespaces and the policy access kuid_t and kgid_t were mapped into that
namespace. If this is requested we can add it later a la:
fs/inode.c:inode_owner_or_capable()

Add kdbus_policy_make_access() to convert the user provided info to the
current user namespace. Userspace struct is not changed, only the kernel
one.

This patch fixes test #8 of test-kdbus-policy

Signed-off-by: Djalal Harouni <tixxdz@opendz.org>
[daniel: group kdbus_policy_db_entry_access->{uid,gid} in a union]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gregkh @zester @phomes