[Dev] Cynara session ID
patrick.ohly at intel.com
Fri May 16 08:32:40 GMT 2014
On Fri, 2014-05-16 at 11:00 +0300, Jussi Laako wrote:
> On 16.5.2014 9:58, José Bollo wrote:
> > I share your analysis. It isn't pragmatic to expect that dbus will guess
> > the session id.
> It can provide PID, or other info about the dbus connection, but it
> could also generate other types of identifiers for the bus connection.
This is also my thinking: the application session identifier is
something separate from the pid or service-specific identifiers, and
therefore must be attached to processes and transferred via IPC
mechanisms just like pid and Smack label are already.
> What is the session id used for anyway?
It's used to grant access temporarily. The Cynara Wiki page has more
information about that:
> The access rule should be simple, application requests access for
> privilege X (provided by service in it's manifest and granted for
> application by it's manifest) and the privilege is either granted or not.
> If it is anything more complex, then you are just over complicating the
I don't have a strong opinion about whether this feature is useful or
not. I'm merely pointing out that it's part of the current Cynara design
and (IMHO) will be a bit problematic to implement reliably the way it is
designed at the moment.
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
More information about the Dev