[Dev] The SAPI proposal

Łukasz Stelmach l.stelmach at samsung.com
Wed May 28 07:53:34 GMT 2014


It was <2014-05-27 wto 17:50>, when Dominig ar Foll (Intel OTC) wrote:
> Le 23/05/2014 14:33, José Bollo a écrit :
>> Hi all,
>>
>> I just finished the wiki page that describes SAPI, the Secure CAPI,
>> proposal: https://wiki.tizen.org/wiki/Security/SAPI
[...]
> I would prefer to see the attribution of the Admin user to be done via
> a privilege table in Buxton rather than in a group because it would
> allow to propagate the information in the system without requiring for
> the new promoted user to relog.

Without "relogging" kernel won't acknowledge new permissions beaceuse
user processes won't have new GID on their list of supplementary groups
as set by setgroups(2). It's OK to put this information in a Buxton
table as long as we do not relay on kernel DAC.

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.tizen.org/pipermail/dev/attachments/20140528/923d23d8/attachment.sig>


More information about the Dev mailing list