On 2014-01-10, 11:43 +0800, Yang Chengwei wrote:
> On Fri, Jan 10, 2014 at 10:15:28AM +0800, Yin Kangkai wrote:
> > On 2014-01-10, 09:52 +0800, Yin Kangkai wrote:
> > > On 2014-01-10, 09:46 +0800, Schaufler, Casey wrote:
> > > > > Yep, as long as the user session processes are spawned through
> > > > > [email protected], they've been set "User" label already.
> > > > 
> > > > So if we started the sshd service with the User label that should be 
> > > > fine, too.
> > > >  
> > > 
> > > Yes exactly. I can verify that.
> > > 
> > > So the problem here I see has nothing to do with systemd. It's that su and
> > > ssh (and sdbd) give you the shell, and they're not SMACK aware. That's
> > > my understanding.
> > > 
> > > As Casey said, we might fix this by assigning User label to sdbd
> > > (which comes from system-server.service) and sshd.service, let me
> > > verify that.
> > 
> > Verified, it works (for both sdbd and ssh)
> > 
> >   $ ssh [email protected]
> >   Warning: Permanently added '192.168.129.3' (ECDSA) to the list of known hosts.
> >   Password: 
> >   Welcome to Tizen
> >   root:~> id
> >   uid=0(root) gid=0(root) groups=0(root),29(audio),6505(pulse-access),6506(pulse-rt) context=User
> 
> As I understand, if the user is root, its context should be "System"?
> 
> >   root:~> set_usb_debug.sh --sdb
> >   root:~> Connection to 192.168.129.3 closed.
> >   [x86_64] kai@kai-gentoo ~/Downloads $ ~/bin/sdb shell
> >   sh-4.2$ id
> >   uid=5100(developer) gid=5100(developer) groups=5100(developer),1004(input),6509(app_logging),6527(sys_logging) context=User
> >   sh-4.2$ su
> >   Password: 
> >   bash-4.2# id
> >   uid=0(root) gid=0(root) groups=0(root),29(audio),6505(pulse-access),6506(pulse-rt) context=User
> 
> And su should change user context too? Otherwise, it is limited to "User"
> privileges rather than "System".

That depends on how you define a "User" domain; "root" is a user just
like any other user.

> >   bash-4.2#
> > 
> > Did not verify other side impact though (e.g. system_server being in User 
> > domain).
> 
> I don't understand, you're trying to start system_server in "User" domain?

To make sdbd in "User" domain, I am changing the system-server.service...
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev