Opened 10 years ago

Last modified 9 years ago

#2457 new defect

cannot connect to the owning users DBus session bus

Reported by: sascha_silbe Owned by: silbe
Priority: Unspecified by Maintainer Milestone: Unspecified
Component: Rainbow Version: Git as of bugdate
Severity: Major Keywords:
Cc: mstone Distribution/OS:
Bug Status: New

Description

IPC in Sugar happens over the DBus session bus. So in order for activities to work, we need to allow them to connect to the session bus.

There are currently several issues. I'm putting them inside a single ticket so we can decide on a design.

  1. Rainbow uses unshare(CLONE_NEWNET) which (on 2.6.31) apparently disables abstract unix sockets as well.
  2. DBus allows only the owning user itself to connect by default, so we need to provide a custom config file.
  3. We need a group that all "Rainbow user accounts" (resp. the ones that should get DBus access) are in. Because DBus looks up the remote user account in the account database, this needs to be reflected in NSS, not just added during invocation (setgroups(2)). The group name must be known when dbus-daemon is started as it needs to be in the custom config file.

Change History (1)

comment:1 Changed 9 years ago by sascha_silbe

I recently discovered a filtering dbus-proxy (part of the Arkose project which is similar in goal to Rainbow). It's based on the deprecated dbus-glib, but at least a good start. We could use it to relay requests from the isolated session to the session and / or system bus(es).

Note: See TracTickets for help on using tickets.