IRC logs for #automotive for Tuesday, 2019-06-25

*** wildlander has quit IRC00:06
*** AlisonChaiken has quit IRC02:11
*** Newami has quit IRC02:21
*** maxel has quit IRC04:17
*** maxel has joined #automotive04:31
*** Newami has joined #automotive04:35
*** AlisonChaiken has joined #automotive04:36
*** skz81 has joined #automotive07:23
*** khouloud has joined #automotive07:52
*** Newami has quit IRC08:17
*** psnsilva has joined #automotive08:26
*** ctxnop has joined #automotive09:39
gkiagiahow are the files in /etc/smack/accesses.d/ generated?10:49
gkiagiawhich component generates them?10:49
*** khouloud has quit IRC10:56
*** khouloud has joined #automotive10:58
smurraygkiagia: security-manager, I'm guessing11:04
*** khouloud has quit IRC11:22
*** khouloud has joined #automotive11:23
*** khouloud has quit IRC11:57
*** khouloud has joined #automotive12:11
gkiagiaI still can't find what I need12:14
gkiagiawhat I need is a way to map a  permission, as specified in a widget xml file, to a rule that will be loaded in smack (i suppose via /etc/smack/access.d/*)12:15
smurraygkiagia: I've not dug into the mechanics of that before, hrm12:27
gkiagiaI commented on SPEC-255412:28
smurraywith Jose on vacation, guess we'll have to dig into it some12:28
smurraygkiagia: probably informative to look at Jose's recent additions for the display permission12:29
gkiagiadisplay permission is done via a unix group12:43
gkiagiait's not a smack label12:43
smurraygkiagia: ah.  What about the audio permission?12:50
gkiagiathe same, it just grants the audio group to the process12:58
gkiagiawhich 1) does not fix the memfd issue and 2) it also grants access to the alsa devices, so basically no app should have this except pipewire itself12:59
smurraygkiagia: that's what the permission in config.xml does?13:01
gkiagiayes13:01
smurraygkiagia: hrm13:04
gkiagiaI don't think the source of that smack rules template is in app-fw-main13:41
gkiagiacan't find it anywhere13:41
gkiagiagit grep System  doesn't reveal it either13:41
gkiagia(System is a fixed string that should exist in there)13:41
smurraygkiagia: definitely come from security-manager, see /usr/share/security-manager/policy/app-rules-template.smack14:01
smurraygkiagia: and see meta-agl/meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch14:05
smurraygkiagia: I suspect at wgt installation time, security-manager gets poked to create the files in /etc/smack/accesses.d using the template14:05
gkiagiasmurray: thanks, stephane already told me in the zoom chat14:06
smurraygkiagia: okay14:06
smurraygkiagia: I see hints of being able to set an extra permission in the wgt installation stuff, haven't untangled how it would be driven yet14:33
*** nate02 has quit IRC15:21
*** AlisonChaiken has quit IRC15:45
*** leon-anavi has quit IRC15:47
*** ctxnop has quit IRC16:07
*** skz81 has quit IRC16:13
*** khouloud has quit IRC16:31
*** francesco_kin has quit IRC17:58

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!