-
-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow creating identifiable bus broker connections for containers #34
Comments
Thanks @WhyNotHugo for writing this. Should this be on busd instead. zbus will of course need to provide bindings but that's trivial. |
Oh, true. Can you move the issue for me (I think as the owner you have permissions, right?). |
done. |
Others seem to agree that the metadata map is useful and we should standardize the keys as a separate xdg spec so we can share them with the wayland-security context protocol. |
The wayland-security context has these fields as metadata:
I agree that using those same fields is what makes sense the most. |
We're talking about metadata that's not the identity such as the desktop file name. |
Following up on this long thread: https://fosstodon.org/@[email protected]/111002189225139704
The original proposal is here: https://bugs.freedesktop.org/show_bug.cgi?id=100344
And there's an ongoing discussion on the dbus issue tracker: https://gitlab.freedesktop.org/dbus/dbus/-/issues/171
This is required to eventually fix this issue: flatpak/xdg-desktop-portal#737
TLDR
Some dbus applications (e.g.: xdg-desktop-portal) receive requests from other peers and need to know whether that peers is in a sandbox. In case that they are in a sandbox, they need to know a bit more information about it (specifically:
sandbox_engine
,app_id
andinstance_id
).The following method would be used to pass a new fd to the broker. The broker would listen to new connections on this socket, and all client connections made through it would be tagged as belonging to the specified sandbox.
Some notes:
metadata
should not be included here; any metadata that the sandbox engine needs it should store on its own memory.instance_id
field here (and below). This would also align with the Wayland protocol which has the exact same purpose.rules
is probably out of scope; see my notes on ACL below.Aside from the above, other clients can use the following method to check whether they're receiving a message from a sandboxed peer:
The original link issue (from 2017) also proposes including ACL in this scope. I'm not sure if this is still desirable, since this can be handled out-of-process in an xdg-dbus-proxy instance.
The text was updated successfully, but these errors were encountered: