On Mon, 2014-03-24 at 23:08 +0000, Schaufler, Casey wrote:
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On
> > Behalf Of José Bollo
> > Sent: Tuesday, March 18, 2014 7:22 AM
> > To: [email protected]
> > Subject: [Dev] Secure Smack Launcher
> >
> > Hi all,
> >
> > I propose to use a secure smack launching mechanism to solve all the Tizen
> > security issues including native applications.
> >
> > According to installation permissions, the launcher will configure a safe and
> > secure environment and will launch the application into it.
> > There is no need for applications to be rewritten or polkit dependent.
> >
> > The prepared environment is:
> > - a restricted Smack environment using load-self
> > - a restricted FS environment using Namespace (needs cap_sys_admin)
>
> This doesn't work with Smack aware services like dbus,
> nor with privilege pop-ups ("Allow Once?").

Hi Casey,

What you are pointing out is the fact that my proposal isn't made for some
daemons or system aware programs. That is true. I mainly want to solve the
problem of applications.

The launcher I describe is made to isolate untrusted applications at low cost.

DBUS is Smack aware and is already working, and kdbus will also soon. My aim is
not to launch it in a restricted environment. Maybe we could, but to be clear,
it is not my intent.

I have not checked the case of privilege pop-ups, so I don't know the nature of
the problem you are pointing out here. Maybe you can give more details...

Best regards
José

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
