Ticket #2457 (new defect)
cannot connect to the owning users DBus session bus
|Reported by:||sascha_silbe||Owned by:||silbe|
|Priority:||Unspecified by Maintainer||Milestone:||Unspecified by Release Team|
|Component:||Rainbow||Version:||Git as of bugdate|
IPC in Sugar happens over the DBus session bus. So in order for activities to work, we need to allow them to connect to the session bus.
There are currently several issues. I'm putting them inside a single ticket so we can decide on a design.
1. Rainbow uses unshare(CLONE_NEWNET) which (on 2.6.31) apparently disables abstract unix sockets as well.
2. DBus allows only the owning user itself to connect by default, so we need to provide a custom config file.
3. We need a group that all "Rainbow user accounts" (resp. the ones that should get DBus access) are in. Because DBus looks up the remote user account in the account database, this needs to be reflected in NSS, not just added during invocation (setgroups(2)). The group name must be known when dbus-daemon is started as it needs to be in the custom config file.