On 26.05.2014 17:01, Kanevskiy, Alexander wrote:
On 26/05/14 17:30 , "Piotr Bartosiewicz" <[email protected]> wrote:
On 26.05.2014 16:17, Kanevskiy, Alexander wrote:
On 26/05/14 17:12 , "Piotr Bartosiewicz" <[email protected]> wrote:
On 22.05.2014 16:35, Łukasz Stelmach wrote:
It was <2014-05-22 Thu 11:16>, when Michal Witanowski wrote:
From: Dev [mailto:[email protected]] On Behalf Of Thiago Macieira
Sent: Wednesday, May 21, 2014 7:54 PM
On Wed, 21 May 2014, at 17:35:32, Michal Witanowski wrote:
I'm in the team working on Domain Separation (Linux Containers) and we need to reserve a UID for our daemon which will be communicating with containers via dbus socket (it requires that UID in host and container match, so we can't trust default values).
I was wondering if there exist any rules for User ID allocation on Tizen 3.0 platform.
Can't you simply have a useradd -r command in the RPM post-install
rule? This will create a UID for you. The software simply needs to
getpwnam to get the UID.
[...]
We can't just do "useradd -r", because it will generate a "random" User ID.
We must be sure that UID of the daemon user will be the same, regardless of system configuration, existing users in the system, etc.
Why is that? Are you going to hardcode the uids anywhere? That is BAD.
Yes, we would like to hardcode the uids. Yes we know that it is BAD in general.
Let me explain the problem without using the 'container' word:
We have 'n' different Tizen images.
How to ensure that in every image there exists the same user='User' with the *same* uid=<uid>.
What is the value of that exact numeric uid match between independent images?
I've already explained why the uids need to be the same - see my earlier mails. I can't simply do a 'useradd' on the first one and use the uid on the other images because this uid can be occupied in some image.
Different image = different device = different runtime scope. Why does this exact match matter?
You’re not going to use e.g. NFS between those devices where those uids might play a good role.
So, what is the value here?
Different images AND the same device. We are implementing Linux containers, i.e. the lightweight virtualization - one Tizen host image and many Tizen guest images.
This UID is used to communicate between host and guests.
One of the primary goals of virtualization is to make app scopes more secure.
If your security is based on hardcoded numeric uids to communicate from different runtime scopes (even where they are on one device, having them in different containers is different scopes), well, it’s not a secure area in my understanding. One compromised scope would effectively compromise another one if the only check is same uid.
I understand, it is easier to do such solutions. However, are we really interested in that long term?
I don't think it's insecure, if you insist I will explain why, but now I have no time and this discussion is going off topic. I recommend a set of articles about the Linux namespaces: https://lwn.net/Articles/531114/
--
Piotr Bartosiewicz
Samsung R&D Institute Poland
Samsung Electronics
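
The constraint discussed in this thread (one account with one numeric UID in the host image and every guest image, without colliding with a UID some image already uses) can be checked at image-build time. The script below is an added example, not code from the thread or from Tizen; the account name `zones-daemon`, the passwd file names and the 201-999 range are assumptions.

```shell
#!/bin/sh
# Added example. The account name "zones-daemon", the file names and the
# 201-999 system range are assumptions, not values from the thread.

# Print the UID that passwd file $2 assigns to account $1 (nothing if absent).
uid_of() {
    awk -F: -v n="$1" '$1 == n { print $3; exit }' "$2"
}

# Print the shared UID and return 0 only when every file defines account $1
# with the same UID; return 1 when it is missing or differs somewhere.
uid_consistent() {
    name=$1; shift
    [ "$#" -gt 0 ] || return 1
    first=
    for f in "$@"; do
        u=$(uid_of "$name" "$f")
        if [ -z "$u" ]; then return 1; fi
        if [ -z "$first" ]; then first=$u; fi
        if [ "$u" != "$first" ]; then return 1; fi
    done
    printf '%s\n' "$first"
}

# Print the lowest UID in [$1, $2] that no listed passwd file has assigned;
# return 1 when every UID in the range is taken in at least one image.
common_free_uid() {
    min=$1; max=$2; shift 2
    awk -F: -v min="$min" -v max="$max" '
        $3 ~ /^[0-9]+$/ { used[$3 + 0] = 1 }
        END {
            for (u = min + 0; u <= max + 0; u++)
                if (!(u in used)) { print u; exit 0 }
            exit 1
        }' "$@"
}

# Constructed sample data: a host image and two guest images in which
# "useradd -r" style allocation has already handed out different UIDs.
make_samples() {
    printf 'root:x:0:0::/root:/bin/sh\ndbus:x:201:201::/:/sbin/nologin\n' > "$1/host.passwd"
    printf 'root:x:0:0::/root:/bin/sh\nzones-daemon:x:201:201::/:/sbin/nologin\n' > "$1/guest1.passwd"
    printf 'root:x:0:0::/root:/bin/sh\napp:x:202:202::/:/sbin/nologin\nzones-daemon:x:203:203::/:/sbin/nologin\n' > "$1/guest2.passwd"
}
```

Sourced into a build script, `uid_consistent` can fail the build when the images disagree, and `common_free_uid` reports a UID that is unoccupied in all of them and could be passed to `useradd -r -u`.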