Opened 13 years ago
Last modified 12 years ago
#2457 new defect
cannot connect to the owning users DBus session bus
Reported by: | sascha_silbe | Owned by: | silbe |
---|---|---|---|
Priority: | Unspecified by Maintainer | Milestone: | Unspecified |
Component: | Rainbow | Version: | Git as of bugdate |
Severity: | Major | Keywords: | |
Cc: | mstone | Distribution/OS: | |
Bug Status: | New |
Description
IPC in Sugar happens over the DBus session bus. So in order for activities to work, we need to allow them to connect to the session bus.
There are currently several issues. I'm putting them inside a single ticket so we can decide on a design.
- Rainbow uses unshare(CLONE_NEWNET) which (on 2.6.31) apparently disables abstract unix sockets as well.
- DBus allows only the owning user itself to connect by default, so we need to provide a custom config file.
- We need a group that all "Rainbow user accounts" (resp. the ones that should get DBus access) are in. Because DBus looks up the remote user account in the account database, this needs to be reflected in NSS, not just added during invocation (setgroups(2)). The group name must be known when dbus-daemon is started as it needs to be in the custom config file.
Note: See
TracTickets for help on using
tickets.
I recently discovered a filtering dbus-proxy (part of the Arkose project which is similar in goal to Rainbow). It's based on the deprecated dbus-glib, but at least a good start. We could use it to relay requests from the isolated session to the session and / or system bus(es).