[Dev] Gumd and security-manager integration

Jussi Laako jussi.laako at linux.intel.com
Thu Oct 9 11:29:01 GMT 2014


On 8.10.2014 19:08, Dominig ar Foll (Intel OTC) wrote:
> As someone need to decide, I "propose" to call gumd from the security
> manager for user creation and removal. Login and Logoff are not
> concerned and will remain direct call to gumd

I just don't see the point of layering vs using gumd scripts. For the 
login/logoff actions you'd anyway need to provide necessary scripts.

> @Raphal,
> please sync with Jussi on this mailing list on the best way to
> encapsulate user creation and provide the right label to the various
> files and directories.

We are setting smack permissions already on the home directory. Any 
other directory needs to be handled through those hook scripts.

> In that mode user creation should be done by direct call to useradd as
> no one would be listening to the gumd notifications.

This is something I'd object against, because then user creation would 
be handled in a different way and you don't get the hook scripts called. 
You'd need to always consider two distinct user creation paths.

gumd notifications are irrelevant in this sense, I guess nobody is using 
those for anything at the moment anyway.



More information about the Dev mailing list