Re: [systemd-devel] Supporting properties(configurations) system

2016-03-07 Thread Kyungmin Park
On Mon, Mar 7, 2016 at 9:14 PM, Simon McVittie wrote:
> On 07/03/16 02:46, WaLyong Cho wrote:
>> As you may know, Android has properties.
>> http://developer.android.com/reference/java/util/Properties.html
>>
>> On the desktop side, it may be similar to a configuration system such
>> as gconf.
>
> gconf and its more modern replacement dconf are for per-user settings.
> If that's what you want, I would suggest dconf - or preferably a
> framework like GLib's GSettings or Qt's QSettings, which just provides a
> data model and can support multiple backends (dconf, restricted views of
> dconf proxied into an app container, flat file, Windows
> HKEY_CURRENT_USER registry, etc).

'Per-user' does not fit our case (mobile environment). Our apps
have the same UID. IOW, one app can use another app's configuration if it
uses it as is. It must be prohibited.

>
> Per-user settings like dconf and HKEY_CURRENT_USER should not be
> confused with per-system settings, like Windows' HKEY_LOCAL_MACHINE
> registry. On Unix systems, per-system settings are usually stored in
> plain files in /etc, like the ones in /etc/systemd/system/ that
> configure systemd.

Another consideration is directory policy. /etc is read-mostly, but in
our case it's read-only on the system partition.
IOW, it can't be changed. See the recent movement for security, verified
boot based on dm-verity. IOW, nothing can be written to /etc if it's
configured on the system partition. That's the reason to need a configuration or
property daemon and to control these requirements, with DAC & MAC control
there.



>
>> I hope the configurations support write-protected (ro) and
>> writable (rw). To control this, I think a new daemon will be needed, and the
>> daemon has to be activated before the clients (users of the configuration
>> system).
>
> Depending on your exact requirements, it might be a better fit to use
> plain files, inotify and no daemon. Normal Unix DAC permissions, or
> LSMs' MAC policies, can provide read-only and read/write.

Even though it's written as read-only, actually it's write-once at boot
time and read-only after that.

Probably this is not enough to describe our requirement, but we need both
DAC- and MAC-controlled configuration for the mobile environment. We
checked gconf/dconf, but it needs small and central configuration
systems for both per-user (exactly, each app, even though it's the same UID)
and system-wide.

Thank you,
Kyungmin Park
>
> --
> Simon McVittie
> Collabora Ltd. 
>
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
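
The plain-files approach with DAC permissions suggested in the quoted reply, combined with the write-once-at-boot requirement stated above, as an added example that is not part of the thread and not systemd code. The names PropertyDir, set_once, seal and audit and the sample keys are hypothetical; DAC modes alone cannot separate apps that share one UID, which is the part the thread leaves to MAC, and inotify change notification is not shown.

```python
import os
import stat
import tempfile

class PropertyDir:
    """Hypothetical flat-file property store: one file per key."""

    def __init__(self, root):
        self.root = root
        os.makedirs(root, mode=0o755, exist_ok=True)

    def _path(self, key):
        # Reject separators and dotfiles so a key can never escape the directory.
        if not key or key.startswith(".") or not all(c.isalnum() or c in "._-" for c in key):
            raise ValueError("invalid property name: %r" % key)
        return os.path.join(self.root, key)

    def set_once(self, key, value):
        # O_EXCL makes creation fail if the key already exists, so a second
        # set_once() never overwrites an earlier value (write-once).
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(self._path(key), flags, 0o444)
        with os.fdopen(fd, "wb") as f:
            os.fchmod(fd, 0o444)  # exact read-only mode, independent of umask
            f.write(value.encode("utf-8"))

    def seal(self):
        # End of boot: drop write permission on the directory so unprivileged
        # processes can no longer create, rename or unlink property files.
        os.chmod(self.root, 0o555)

    def get(self, key):
        with open(self._path(key), "rb") as f:
            return f.read().decode("utf-8")

    def audit(self):
        # Entries whose DAC mode still carries a write bit ("." is the directory).
        bad = [n for n in sorted(os.listdir(self.root))
               if stat.S_IMODE(os.lstat(os.path.join(self.root, n)).st_mode) & 0o222]
        if stat.S_IMODE(os.stat(self.root).st_mode) & 0o222:
            bad.append(".")
        return bad

def demo():
    # Constructed sample properties in a throwaway directory.
    store = PropertyDir(os.path.join(tempfile.mkdtemp(), "props"))
    store.set_once("ro.build.type", "user")
    store.set_once("ro.debuggable", "0")
    store.seal()
    return store
```

An empty list from audit() after seal() means no property file and not the directory itself is writable by anyone under DAC.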


Re: [systemd-devel] Supporting properties(configurations) system

2016-03-07 Thread Simon McVittie
On 07/03/16 02:46, WaLyong Cho wrote:
> As you may know, Android has properties.
> http://developer.android.com/reference/java/util/Properties.html
> 
> On the desktop side, it may be similar to a configuration system such
> as gconf.

gconf and its more modern replacement dconf are for per-user settings.
If that's what you want, I would suggest dconf - or preferably a
framework like GLib's GSettings or Qt's QSettings, which just provides a
data model and can support multiple backends (dconf, restricted views of
dconf proxied into an app container, flat file, Windows
HKEY_CURRENT_USER registry, etc).

Per-user settings like dconf and HKEY_CURRENT_USER should not be
confused with per-system settings, like Windows' HKEY_LOCAL_MACHINE
registry. On Unix systems, per-system settings are usually stored in
plain files in /etc, like the ones in /etc/systemd/system/ that
configure systemd.

> I hope the configurations support write-protected (ro) and
> writable (rw). To control this, I think a new daemon will be needed, and the
> daemon has to be activated before the clients (users of the configuration
> system).

Depending on your exact requirements, it might be a better fit to use
plain files, inotify and no daemon. Normal Unix DAC permissions, or
LSMs' MAC policies, can provide read-only and read/write.

-- 
Simon McVittie
Collabora Ltd. 



[systemd-devel] Supporting properties(configurations) system

2016-03-06 Thread WaLyong Cho
Hi,

As you may know, Android has properties.
http://developer.android.com/reference/java/util/Properties.html

On the desktop side, it may be similar to a configuration system such
as gconf.

I hope the configurations support write-protected (ro) and
writable (rw). To control this, I think a new daemon will be needed, and the
daemon has to be activated before the clients (users of the configuration
system).

If system has a plan for this, we hope to do this.

Thanks,
WaLyong