cannot connect to the owning users DBus session bus

[sascha_silbe]

IPC in Sugar happens over the DBus session bus. So in order for activities to work, we need to allow them to connect to the session bus.

There are currently several issues. I'm putting them inside a single ticket so we can decide on a design.

1. Rainbow uses unshare(CLONE_NEWNET) which (on 2.6.31) apparently disables abstract unix sockets as well.
2. DBus allows only the owning user itself to connect by default, so we need to provide a custom config file.
3. We need a group that all "Rainbow user accounts" (resp. the ones that should get DBus access) are in. Because DBus looks up the remote user account in the account database, this needs to be reflected in NSS, not just added during invocation (setgroups(2)). The group name must be known when dbus-daemon is started as it needs to be in the custom config file.

[sascha_silbe]

I recently discovered a  filtering dbus-proxy (part of the  Arkose project which is similar in goal to Rainbow). It's  based on the deprecated dbus-glib, but at least a good start. We could use it to relay requests from the isolated session to the session and / or system bus(es).