On Fri, Jan 10, 2014 at 10:15:28AM +0800, Yin Kangkai wrote: > On 2014-01-10, 09:52 +0800, Yin Kangkai wrote: > > On 2014-01-10, 09:46 +0800, Schaufler, Casey wrote: > > > > Yep, as long as the user session processes are spawned though > > > > [email protected], they've been set "User" label already. > > > > > > So if we started the sshd service with the User label that should be > > > fine, too. > > > > > > > Yes exactly. I can verify that. > > > > So the problem here I see has nothing to do with systemd. It's su and > > ssh (and sdbd) give you the shell, and they're not SMACK aware. That's > > my understanding. > > > > As Casey said, we might fix this by assigning User label to sdbd > > (which comes from system-server.service) and sshd.service, let me > > verify that. > > Verified, it works (for both sdbd and ssh) > > $ ssh [email protected] > Warning: Permanently added '192.168.129.3' (ECDSA) to the list of known > hosts. > Password: > Welcome to Tizen > root:~> id > uid=0(root) gid=0(root) > groups=0(root),29(audio),6505(pulse-access),6506(pulse-rt) context=User
As I understand, if the user is root, its context should be "System"? > root:~> set_usb_debug.sh --sdb > root:~> Connection to 192.168.129.3 closed. > [x86_64] kai@kai-gentoo ~/Downloads $ ~/bin/sdb shell > sh-4.2$ id > uid=5100(developer) gid=5100(developer) > groups=5100(developer),1004(input),6509(app_logging),6527(sys_logging) > context=User > sh-4.2$ su > Password: > bash-4.2# id > uid=0(root) gid=0(root) > groups=0(root),29(audio),6505(pulse-access),6506(pulse-rt) context=User And su should change user context too? Otherwise, it limit to "User" priviledges rather than "System". > bash-4.2# > > Did not verify other side impact though (e.g. system_server being in User > domain). Not understand, you're trying to start system_server in "User" domain? -- Thanks, Chengwei > > /Kangkai > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev
signature.asc
Description: Digital signature
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
