*** wildlander has quit IRC | 00:06 | |
*** AlisonChaiken has quit IRC | 02:11 | |
*** Newami has quit IRC | 02:21 | |
*** maxel has quit IRC | 04:17 | |
*** maxel has joined #automotive | 04:31 | |
*** Newami has joined #automotive | 04:35 | |
*** AlisonChaiken has joined #automotive | 04:36 | |
*** skz81 has joined #automotive | 07:23 | |
*** khouloud has joined #automotive | 07:52 | |
*** Newami has quit IRC | 08:17 | |
*** psnsilva has joined #automotive | 08:26 | |
*** ctxnop has joined #automotive | 09:39 | |
gkiagia | how are the files in /etc/smack/accesses.d/ generated? | 10:49 |
---|---|---|
gkiagia | which component generates them? | 10:49 |
*** khouloud has quit IRC | 10:56 | |
*** khouloud has joined #automotive | 10:58 | |
smurray | gkiagia: security-manager, I'm guessing | 11:04 |
*** khouloud has quit IRC | 11:22 | |
*** khouloud has joined #automotive | 11:23 | |
*** khouloud has quit IRC | 11:57 | |
*** khouloud has joined #automotive | 12:11 | |
gkiagia | I still can't find what I need | 12:14 |
gkiagia | what I need is a way to map a permission, as specified in a widget xml file, to a rule that will be loaded in smack (i suppose via /etc/smack/access.d/*) | 12:15 |
smurray | gkiagia: I've not dug into the mechanics of that before, hrm | 12:27 |
gkiagia | I commented on SPEC-2554 | 12:28 |
smurray | with Jose on vacation, guess we'll have to dig into it some | 12:28 |
smurray | gkiagia: probably informative to look at Jose's recent additions for the display permission | 12:29 |
gkiagia | display permission is done via a unix group | 12:43 |
gkiagia | it's not a smack label | 12:43 |
smurray | gkiagia: ah. What about the audio permission? | 12:50 |
gkiagia | the same, it just grants the audio group to the process | 12:58 |
gkiagia | which 1) does not fix the memfd issue and 2) it also grants access to the alsa devices, so basically no app should have this except pipewire itself | 12:59 |
smurray | gkiagia: that's what the permission in config.xml does? | 13:01 |
gkiagia | yes | 13:01 |
smurray | gkiagia: hrm | 13:04 |
gkiagia | I don't think the source of that smack rules template is in app-fw-main | 13:41 |
gkiagia | can't find it anywhere | 13:41 |
gkiagia | git grep System doesn't reveal it either | 13:41 |
gkiagia | (System is a fixed string that should exist in there) | 13:41 |
smurray | gkiagia: definitely come from security-manager, see /usr/share/security-manager/policy/app-rules-template.smack | 14:01 |
smurray | gkiagia: and see meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch | 14:05 |
smurray | gkiagia: I suspect at wgt installation time, security-manager gets poked to create the files in /etc/smack/accesses.d using the template | 14:05 |
gkiagia | smurray: thanks, stephane already told me in the zoom chat | 14:06 |
smurray | gkiagia: okay | 14:06 |
smurray | gkiagia: I see hints of being able to set an extra permission in the wgt installation stuff, haven't untangled how it would be driven yet | 14:33 |
*** nate02 has quit IRC | 15:21 | |
*** AlisonChaiken has quit IRC | 15:45 | |
*** leon-anavi has quit IRC | 15:47 | |
*** ctxnop has quit IRC | 16:07 | |
*** skz81 has quit IRC | 16:13 | |
*** khouloud has quit IRC | 16:31 | |
*** francesco_kin has quit IRC | 17:58 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!