On 2014-01-10, 09:52 +0800, Yin Kangkai wrote:
> On 2014-01-10, 09:46 +0800, Schaufler, Casey wrote:
> > > Yep, as long as the user session processes are spawned through
> > > [email protected], they've been set "User" label already.
> > 
> > So if we started the sshd service with the User label that should be fine, 
> > too.
> >  
> 
> Yes exactly. I can verify that.
> 
> So the problem here I see has nothing to do with systemd. It's su and
> ssh (and sdbd) that give you the shell, and they're not SMACK aware. That's
> my understanding.
> 
> As Casey said, we might fix this by assigning User label to sdbd
> (which comes from system-server.service) and sshd.service, let me
> verify that.

Verified, it works (for both sdbd and ssh)

  $ ssh [email protected]
  Warning: Permanently added '192.168.129.3' (ECDSA) to the list of known hosts.
  Password: 
  Welcome to Tizen
  root:~> id
  uid=0(root) gid=0(root) groups=0(root),29(audio),6505(pulse-access),6506(pulse-rt) context=User
  root:~> set_usb_debug.sh --sdb
  root:~> Connection to 192.168.129.3 closed.
  [x86_64] kai@kai-gentoo ~/Downloads $ ~/bin/sdb shell
  sh-4.2$ id
  uid=5100(developer) gid=5100(developer) groups=5100(developer),1004(input),6509(app_logging),6527(sys_logging) context=User
  sh-4.2$ su
  Password: 
  bash-4.2# id
  uid=0(root) gid=0(root) groups=0(root),29(audio),6505(pulse-access),6506(pulse-rt) context=User
  bash-4.2#

Did not verify other side impact though (e.g. system_server being in User 
domain).

/Kangkai