On Thu, Jul 24, 2008 at 02:29:32AM +0900, David Smith wrote:

> For implementing PKCS#11 support in the network manager gnome applet
> using gnome keyring as the backing store, it's necessary to tell
> wpasupplicant the environment variable of GNOME_KEYRING_SOCKET before
> loading the gnome keyring PKCS#11 library. This socket will be protected
> to the local user, but since wpasupplicant must run as root, it should
> be able to access it and indeed it must.

wpa_supplicant can actually be run without root capabilities when using
privacy separation. However, that may not be of much help here. Using an
environment variable for this type of configuration for a library sounds
a bit odd, but maybe there is no better way of passing that information.

> Attached is a patch to add a DBus interface to set environment variables
> in wpasupplicant. I hope this is an acceptable compromise. In the long
> term, a better interface from keyring might be made available and then
> any necessary changes to wpasupplicant could be made at that time, but
> for now this is a rather trivial addition that would primarily be useful
> for working with the current implementation.

I have to say that I don't really like this at all.. If I understood the
design correctly, it may indeed be necessary to be able to set
GNOME_KEYRING_SOCKET. However, I don't see a need for setting any other
environment variable.

I would certainly prefer to do this in some other way, but if this is
the only feasible one, I would be fine with a compromise that adds a new
DBus command for setting GNOME_KEYRING_SOCKET (i.e., just this
particular environment variable, not arbitrary variables). I would
rather not go through the details of what external programs could do by
setting some other variables and as such, it would be simpler to just
limit this to a single variable as a workaround for the particular
issue.

-- 
Jouni Malinen PGP id EFC895FA
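
Added example, not part of the original message and not wpa_supplicant code: one way the single-variable compromise described above could be enforced in C inside a privileged daemon. The function name set_allowed_env and the value checks (absolute path, length within sun_path, no control characters) are assumptions; the D-Bus plumbing is left out.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/un.h>

/* Hypothetical helper (not wpa_supplicant code): the one variable a
 * privileged daemon agrees to set on behalf of an IPC caller. */
#define ALLOWED_ENV_NAME "GNOME_KEYRING_SOCKET"

/* Returns 0 if the variable was set, -1 if the request was rejected. */
int set_allowed_env(const char *name, const char *value)
{
    size_t len, i;

    if (name == NULL || value == NULL)
        return -1;
    /* Exact match only; any other name, including prefixes, is refused. */
    if (strcmp(name, ALLOWED_ENV_NAME) != 0)
        return -1;
    len = strlen(value);
    /* The value names a UNIX socket, so it must fit in sun_path. */
    if (len == 0 || len >= sizeof(((struct sockaddr_un *)0)->sun_path))
        return -1;
    /* Absolute path only, so the daemon's working directory is irrelevant. */
    if (value[0] != '/')
        return -1;
    /* No control characters in what ends up in the process environment. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (c < 0x20 || c == 0x7f)
            return -1;
    }
    return setenv(ALLOWED_ENV_NAME, value, 1) == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample requests, as an IPC handler might receive them. */
    printf("%d\n", set_allowed_env("GNOME_KEYRING_SOCKET", "/tmp/keyring-demo/socket"));
    printf("%d\n", set_allowed_env("PATH", "/tmp"));
    printf("%d\n", set_allowed_env("GNOME_KEYRING_SOCKET", "keyring/socket"));
    return 0;
}
```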
