Rafal, I have a question on the API to drop privileges. Is this API affected by the sandbox (seccomp)? As you pointed out before, the GPU process is restricted in the sandbox and we also need to drop privileges by calling the security manager API, so I want to make this clear.
Thanks
Zhang Xu

> -----Original Message-----
> From: Rafał Krypa [mailto:[email protected]]
> Sent: Tuesday, November 4, 2014 6:02 PM
> To: Zhang, Xu U
> Cc: [email protected]; Pozdnyakov, Mikhail
> Subject: Re: [Dev] Setting Smack for Crosswalk processes
>
> On 2014-11-04 09:25, Zhang, Xu U wrote:
> > Hi Rafal,
> >
> > I have forwarded your email to Crosswalk mail list. Misha, who is key contributor for Crosswalk, replied here:
> > https://lists.crosswalk-project.org/pipermail/crosswalk-dev/2014-October/002165.html
> >
> > I have a question on setting SMACK label for gpu process. GPU process is shared by all render process in the same user just as browser process. What SMACK label should be set for GPU process? What API should we call?
>
> Hi Xu,
> Let me summarize the whole picture including the GPU process and the Zygote process and how I think their security configuration should be handled:
>
> *Browser process*
> Will be launched by "systemd --user". Runs with label "User" and with privilege (capabilities for setting Smack labels). You don't have to call anything to change its security settings, with one exception (described below at Zygote process).
>
> *GPU process*
> Spawned from the browser process. Runs with label "User" and inherits the privilege from the browser process. Since it doesn't need the privilege, it should call security_manager_drop_process_privileges() function.
>
> *Zygote process*
> Spawned from the browser process. Runs with label "User" and inherits the privilege. I need to know if Zygote will continue to be used on Tizen. If yes, then the browser should drop capabilities after spawning Zygote (security_manager_drop_process_privileges()). Whichever process will spawn render processes, needs privileges to pass them to render children.
>
> *Render process*
> Spawned from Zygote process, or directly from Browser process if Zygote is gone. It will run with application-specific Smack label. Will be initially started with privilege to allow changing of Smack label. Should call security_manager_prepare_app() to set security context, which will change the label and also drop privileges.
>
> *Extension process*
> Will be spawned from application launcher (amd_session_agent, but see also https://bugs.tizen.org/jira/browse/TC-1968). It should run with application-specific Smack label. Tomasz Iwanek patched Crosswalk to call security-manager in EP, but after we integrate amd with security-manager, that won't be needed. The launcher should take care of setting security for EP and you won't have to do it in Crosswalk.
>
>
> Best regards,
> Rafal Krypa

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
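
The inheritance and drop behaviour described in the quoted message, as an added example that is not part of the original thread and is not security-manager or Crosswalk code: a forked child inherits the parent's capabilities, clears its own, and the parent's set is unaffected. It assumes Linux and uses the raw `capget`/`capset` syscalls as a stand-in for `security_manager_drop_process_privileges()`; the function names below are hypothetical.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read the caller's effective capability set as a 64-bit mask (0 on success). */
int get_effective(unsigned long long *out) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    *out = ((unsigned long long)data[1].effective << 32) | data[0].effective;
    return 0;
}

/* Stand-in (assumption) for security_manager_drop_process_privileges():
 * clear the effective, permitted and inheritable sets. Irreversible. */
int drop_all_caps(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Fork a hypothetical "GPU" child: it starts with the parent's capabilities,
 * drops them, then re-reads its set. Returns 0 if the child's effective set
 * is empty after the drop, 1 if capabilities remain, 2 or -1 on error. */
int spawn_child_and_drop(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        unsigned long long eff = ~0ULL;
        if (drop_all_caps() != 0 || get_effective(&eff) != 0) _exit(2);
        _exit(eff == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    unsigned long long before = 0, after = 0;
    if (get_effective(&before) != 0) return 1;
    int child = spawn_child_and_drop();
    if (get_effective(&after) != 0) return 1;
    printf("parent before=%#llx after=%#llx child_result=%d\n", before, after, child);
    return (child == 0 && before == after) ? 0 : 1;
}
```

Because the drop in the child leaves the parent's set unchanged, a process that still has to spawn privileged children must do so before it drops, which is the ordering the quoted message gives for the browser and Zygote.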
