From: YOUNG IK CHO [mailto:[email protected]]
Sent: Tuesday, October 15, 2013 5:01 AM
To: Jussi Laako; Schaufler, Casey
Cc: [email protected]
Subject: Re: Re: [Dev] Tizen 3.0 proposal for fixing OSP/WRT/Core hard-coded UID issue
>> We are using Smack to provide application isolation. The launcher needs to
>> set the Smack label of the application. Setting the Smack label of a process
>> requires privilege. If there were no launcher involved (if the program were
>> exec()ed) we could use the SMACK64EXEC behavior to achieve this. Since there
>> is a launcher, and the launcher does not use exec() the launcher requires
>> privilege.

> But this doesn't require root, just a capability attribute for the
> launcher binary itself to permit this just for the launcher? And the
> launcher can be fired up as part of the session and will gain the
> capability from the filesystem attribute rather than through process
> inheritance?

Maybe it is possible to just set the capability instead of root.
According to the current functionality, the following capabilities may be needed:

- SMACK labeling / setuid() : maybe CAP_DAC_OVERRIDE/CAP_DAC_READ_SEARCH/CAP_CHOWN ?
- chroot() for legacy app : CAP_SYS_CHROOT
- directory mount : CAP_SYS_ADMIN

I am not quite sure if another capability is needed or not.

Yes, a privileged launcher for each user, started in the user session, is a possibility. As we see, it could be tricky to get the exact privilege settings correct. I'm not an advocate of this approach.
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
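The file-capability launcher discussed in the exchange above, as an added example that is not code from the Tizen project or from any participant in the thread: a start-up self-check that a per-user launcher can run to confirm it obtained its privilege from the binary's capability attribute rather than from uid 0, and that it holds exactly the capability set it needs and nothing more. It parses the same /proc/<pid>/status fields that getpcaps and capsh report. The capability numbers are the kernel's (linux/capability.h). The "required" set is an assumption built from the list in the message, which its author marks as uncertain; it adds CAP_MAC_ADMIN, which is what Smack checks before letting a process change its own label, and CAP_SETUID, which is what setuid() checks. The sample status texts are constructed, not captured from a device.

```c
/*
 * Added example: launcher start-up check for "file capabilities, not root".
 * Not Tizen code. The required capability set below is an assumption.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability numbers from linux/capability.h */
#define CAP_CHOWN            0
#define CAP_DAC_OVERRIDE     1
#define CAP_DAC_READ_SEARCH  2
#define CAP_SETUID           7
#define CAP_SYS_CHROOT      18
#define CAP_SYS_ADMIN       21
#define CAP_MAC_ADMIN       33   /* Smack: needed to relabel via /proc/self/attr/current */
#define CAP_BIT(c) ((uint64_t)1 << (c))

#define CAP_PARSE_FAIL UINT64_MAX

/* Locate "<key>:" at the start of a line in a /proc/<pid>/status text and
 * return a pointer to its value (past the separating whitespace), or NULL. */
static const char *status_field(const char *status, const char *key) {
    size_t klen = strlen(key);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, key, klen) == 0 && line[klen] == ':') {
            const char *p = line + klen + 1;
            while (*p == ' ' || *p == '\t') p++;
            return p;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return NULL;
}

/* Effective capability mask (the hex "CapEff:" field); CAP_PARSE_FAIL if absent. */
uint64_t cap_eff_of(const char *status) {
    const char *p = status_field(status, "CapEff");
    if (!p) return CAP_PARSE_FAIL;
    char *end;
    unsigned long long v = strtoull(p, &end, 16);
    return end == p ? CAP_PARSE_FAIL : (uint64_t)v;
}

/* Real uid (first number of the "Uid:" field); -1 if absent. */
long status_uid(const char *status) {
    const char *p = status_field(status, "Uid");
    if (!p) return -1;
    char *end;
    long v = strtol(p, &end, 10);
    return end == p ? -1 : v;
}

/* Assumed launcher capability set: the message's list (Smack labeling,
 * chroot, mount) with the capabilities those operations really check.
 * Not a Tizen policy; adjust to what the launcher actually does. */
uint64_t required_launcher_caps(void) {
    return CAP_BIT(CAP_MAC_ADMIN) | CAP_BIT(CAP_SETUID)
         | CAP_BIT(CAP_DAC_OVERRIDE) | CAP_BIT(CAP_SYS_CHROOT)
         | CAP_BIT(CAP_SYS_ADMIN);
}

uint64_t missing_caps(uint64_t have, uint64_t need) { return need & ~have; }
uint64_t excess_caps(uint64_t have, uint64_t need)  { return have & ~need; }

/* 0 = ok; 1 = running as root (file caps are not what gave us privilege);
 * 2 = a required capability is missing (setcap not applied, or nosuid mount);
 * 3 = more privilege than needed (over-broad setcap). */
int launcher_check(const char *status) {
    uint64_t have = cap_eff_of(status), need = required_launcher_caps();
    if (status_uid(status) == 0) return 1;
    if (have == CAP_PARSE_FAIL || missing_caps(have, need)) return 2;
    if (excess_caps(have, need)) return 3;
    return 0;
}

/* Constructed sample status texts (not captured from a real device). */
const char SAMPLE_STATUS_FILECAP[] =
    "Name:\tlauncher\nUid:\t5000\t5000\t5000\t5000\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000200240082\nCapEff:\t0000000200240082\n";
const char SAMPLE_STATUS_ROOT[] =
    "Name:\tlauncher\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n";

int main(void) {
    printf("file-cap sample: %d, root sample: %d\n",
           launcher_check(SAMPLE_STATUS_FILECAP), launcher_check(SAMPLE_STATUS_ROOT));
    /* Live check of the current process */
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 1;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = 0;
    printf("this process: CapEff=%#llx -> check=%d\n",
           (unsigned long long)cap_eff_of(buf), launcher_check(buf));
    return 0;
}
```

To grant that set to the binary one would run `setcap cap_mac_admin,cap_setuid,cap_dac_override,cap_sys_chroot,cap_sys_admin=ep /path/to/launcher` (libcap syntax, path hypothetical); the check then distinguishes "setcap never ran or the filesystem is mounted nosuid" (result 2) from "someone granted +ep on everything" (result 3). Note that CAP_SYS_ADMIN, needed here only for the mount, is broad enough that a launcher holding it is not much less dangerous than a root one, which is the practical side of the thread's "tricky to get the exact privilege settings correct".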
