2013/12/27 Kay Sievers :
> On Fri, Dec 27, 2013 at 4:45 AM, Kay Sievers wrote:
>> On Thu, Dec 26, 2013 at 11:35 PM, Giovanni Campagna
>> wrote:
>>
>>> they do need the IPC_OWNER capability, to fake credentials
>>> on kdbus.
>>
>> Oh, I guess we should just allow the owner/creator of the bus, the
On Fri, Dec 27, 2013 at 4:45 AM, Kay Sievers wrote:
> On Thu, Dec 26, 2013 at 11:35 PM, Giovanni Campagna
> wrote:
>
>> they do need the IPC_OWNER capability, to fake credentials
>> on kdbus.
>
> Oh, I guess we should just allow the owner/creator of the bus, the
> user in this case, to do all tha
On Thu, Dec 26, 2013 at 11:35 PM, Giovanni Campagna
wrote:
> they do need the IPC_OWNER capability, to fake credentials
> on kdbus.
Oh, I guess we should just allow the owner/creator of the bus, the
user in this case, to do all that without the kernel capability.
We should not leak privileges i
From: Giovanni Campagna
The bus proxy and bus driver need to connect to the user bus when
started by the user manager, so they need different service files.
Also, they cannot have their capability bounding set restricted
(because the unprivileged systemd can't do that), and at the same
time they