On Mon, Mar 7, 2016 at 9:14 PM, Simon McVittie <simon.mcvit...@collabora.co.uk> wrote:
> On 07/03/16 02:46, WaLyong Cho wrote:
>> As you may know, Android has properties.
>> http://developer.android.com/reference/java/util/Properties.html
>>
>> In the desktop side, it may be similar with configuration system such
>> like gconf.
>
> gconf and its more modern replacement dconf are for per-user settings.
> If that's what you want, I would suggest dconf - or preferably a
> framework like GLib's GSettings or Qt's QSettings, which just provides a
> data model and can support multiple backends (dconf, restricted views of
> dconf proxied into an app container, flat file, Windows
> HKEY_CURRENT_USER registry, etc).

'Per-user' does not fit our case (mobile environment). Our apps have the
same UID. IOW, one app can use another app's configuration if it uses it
as is. That must be prohibited.

>
> Per-user settings like dconf and HKEY_CURRENT_USER should not be
> confused with per-system settings, like Windows' HKEY_LOCAL_MACHINE
> registry. On Unix systems, per-system settings are usually stored in
> plain files in /etc, like the ones in /etc/systemd/system/ that
> configure systemd.

Another consideration is directory policy. /etc is read-mostly, but in our
case it's read-only on the system partition. IOW, it can't be changed. See
the recent movement for security, verified boot based on dm-verity. IOW,
it can't write anything to /etc if it's configured on the system
partition. That's the reason to need a configuration or property daemon
and to control these requirements, DAC & MAC control, there.

>
>> I hope the configurations are supporting write protected (ro) and
>> writable (rw). To control this, I think new daemon will be needed and the
>> daemon has to be activated before the clients (user of the configuration
>> system).
>
> Depending on your exact requirements, it might be a better fit to use
> plain files, inotify and no daemon. Normal Unix DAC permissions, or
> LSMs' MAC policies, can provide read-only and read/write.

Even though it's written as read-only, actually it's write-once at boot
time and read-only after that. Probably that's not enough to describe our
requirement, but we need both DAC- and MAC-controlled configuration for
the mobile environment. We checked gconf/dconf, but it needs small and
central configuration systems for both per-user (exactly, each app, even
though it's the same UID) and system-wide.

Thank you,
Kyungmin Park

>
> --
> Simon McVittie
> Collabora Ltd. <http://www.collabora.com/>
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel