[Dev] Smack Feature for Vconf

Schaufler, Casey casey.schaufler at intel.com
Mon Dec 9 17:30:40 GMT 2013

> -----Original Message-----
> From: dev-bounces at lists.tizen.org [mailto:dev-bounces at lists.tizen.org] On
> Behalf Of Dominig ar Foll
> Sent: Monday, December 09, 2013 6:18 AM
> To: dev at lists.tizen.org; SeungYeup Kim
> Subject: Re: [Dev] Smack Feature for Vconf
> Le 09/12/2013 02:11, Schaufler, Casey a écrit :
> >> That means paths decided by vconftool needs to be known (and hard
> >> coded) by the package maintainer (what if it is changed later ?).
> > Yes. This is correct. I submit that this is a good thing. Developers who don't
> understand the environment in which they are developing are at a serious
> disadvantage. It makes it very difficult for them to contribute to the system
> beyond the niche they are working on.
> >
> >
> I am afraid that I do not agree with the idea that app developpers should
> know the abolute Path used by their Apps.

If they don't know where the files are, how can they check to see if the contents are correct?
How can they possibly figure out if the file is getting created at all?

> One of the big work required for enabling Multi user is linked to the removal
> of the absolute paths. It is implemented in order to let the option of where
> app installation and data dir occurs to the platform developers in relation
> with dynamically created user names.
> https://wiki.tizen.org/wiki/Multi-user_Architecture

That's account creation, which is different from system installation.

> Furthermore as vconf tables can be created at installation time or by the App
> at run time. The labeling of the table cannot always be done by rpm installer.

OK, that's a fair point. On the other hand, setting the Smack label requires CAP_MAC_ADMIN privilege, and apps aren't going to have that.

> The -s option might not be the most elegant code but it covers a real need

No, the -s option code is unacceptable for a number of reasons.
There is no way we can accept the existing code.

> (adding label after App installation in a dynamic path model).

You can use chsmack instead.

> For Labels created during rpm install, we could replace the -s option by a a
> patch in rpm installer to enable support of the platform metadata.
>   https://wiki.tizen.org/wiki/Multi-user_Platform_Metadata

The mechanism is already there.
> But what would be the preferred method for vconf tables created after the
> rpm installation phase ?

Why are they created after the rpm installation? I'm willing to wager that the information is all available at build time.
If you can create the vconf command to create the table at build time you should be able to create the file as well.

> I am afraid that to me the -s option looks like a pretty fair way to solve that
> issue; furthermore it's already implemented in Tizen 2.2 and changing the
> model for 3 does not seem, to me, to add any obvious.

There is only an issue because people are assuming that there is no other way to accomplish the task.
That is not true. I understand that change is uncomfortable, and may require work.

> It would be interresting to get the opinion of Mobile's architects and
> SeungYeup Kim who added the option -s for the Mobile vertical.
> Regards
> --
> Dominig ar Foll
> Senior Software Architect
> Intel Open Source Technology Centre
> _______________________________________________
> Dev mailing list
> Dev at lists.tizen.org
> https://lists.tizen.org/listinfo/dev

More information about the Dev mailing list