[Dev] Fwd: Re: ToyBox task

Xavier Roche xavier.roche at open.eurogiciel.org
Wed Oct 15 08:12:08 GMT 2014


Hello Jan,

In my opinion, using libsmack would be the better way. (just like 
coreutils does by the way).
Our priority is first to reach the actual coreutils status with toybox 
in Tizen.

We will see then to what extent those patches can be pushed upstream...
I don't think this gonna be a real problem since :
   - it only rely on a particular build option (USE_SMACK label) which 
will be by default deactivated.
   - toybox upstream maintainers have not worked on security-related 
features yet.

Best regards,

--
Xavier Roche
Intel Open Source Technology Center


On 15/10/2014 08:05, Jan Cybulski wrote:
> Hello all,
>
> As for now I continue my work on Toybox.
>
> Xavier, you sent patch that adds dependency on libsmack to Toybox.
>
> I just wonder if Toybox maintainers do not mind that:
> maybe they would prefer just reads of smackfs and proc or xattrs?
> (I would prefer libsmack though)
>
> Best regards,
> Jan Cybulski
>
>
> On 14.10.2014 13:55, Xavier Roche wrote:
>>
>> On 14/10/2014 12:32, WaLyong Cho wrote:
>>> On 10/14/2014 06:56 PM, Xavier Roche wrote:
>>>> Hi Walyong,
>>>>
>>>> Thanks for the info,
>>>>
>>>> Basically the toybox solution has already been studied and we have
>>>> already metrics on what we have add/modify.
>>>> It requires a very little effort to get it work properly in a Tizen
>>>> security context.
>>>> (here provides some value and print on the mail history with 
>>>> Samsung and
>>>> a link toward Tizen Git repos)
>>>> More over, Toybox is an active opensource project and offers community
>>>> feedbacks and improvements, on which we can rely on.
>>> If toybox really active and we can rely on then toybox also will be 
>>> good
>>> option.
>> I really think it is a good option, (almost 60 commits published last 
>> month) ...
>> In addition, please take a look at the following :
>>   - tizen toybox repo : toybox 
>> <https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox>
>>   - current toybox status in Tizen : wiki 
>> <https://wiki.tizen.org/wiki/Toybox> and detailed status 
>> <https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0>
>>
>> More over, I have discussed with the toybox upstream maintainer (Rob 
>> Landley, who used to work on busybox), and he is ready to give us an 
>> upstream support and integrate our patches as possible.
>>
>>>> Any way I am always curious and interesting in studying alternatives.
>>>> I could not find anything on your project in the open.
>>>> Please send me the pointer as soon as it is available...
>>> I will.
>>>
>>> Thanks
>>>
>>>> Best regards,
>>>>
>>>> -- 
>>>> Xavier Roche
>>>> Intel Open Source Technology Center
>>>>
>>>> On 14/10/2014 10:15, WaLyong Cho wrote:
>>>>> Hi all,
>>>>>
>>>>> I'd like to introduce new toolbox like tool. That is named as 
>>>>> *tinybox*.
>>>>> We have plan to open that on github. That is not under IP 
>>>>> verification.
>>>>> I think that will be soon opened.
>>>>>
>>>>> *tinybox* is using Apache license.
>>>>>
>>>>> Many of coreutils commands were already implemented. And many of 
>>>>> others
>>>>> are implementing now.
>>>>>
>>>>> *tinybox* was started to be used on Tizen.(so at the first time, that
>>>>> has name like tizenbox.) But there is no Tizen feature and should be.
>>>>>
>>>>> I hope to move security-related functionalities to *tinybox*.
>>>>>
>>>>>
>>>>> On 10/13/2014 06:31 PM, Xavier Roche wrote:
>>>>>> Hello Jan,
>>>>>>
>>>>>> You can work with the platform/upstream/toybox repository (see :
>>>>>> https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/toybox 
>>>>>> )
>>>>>> The list provided in the wiki ( here
>>>>>> <https://docs.google.com/a/open.eurogiciel.org/spreadsheets/d/18rlIp9daltyXiiYTO2sunZoXtohUEaKAKAyoSCO8gf0/edit#gid=0> 
>>>>>>
>>>>>> ) is up to date.
>>>>>> Basically, the security-related functionalities to add only 
>>>>>> concern the
>>>>>> following:
>>>>>> - cp
>>>>>> - id
>>>>>> - ls
>>>>>> - mkdir
>>>>>> - mkfifo
>>>>>> - mknod
>>>>>> - ps
>>>>>>
>>>>>> I will create Jira issues on these tasks, with a detailed 
>>>>>> description
>>>>>> for each cases...
>>>>>>
>>>>>> However, Gerrit seems not to work properly today... I'm not sure you
>>>>>> could clone the toybox repository  at the moment.
>>>>>> Feel free to contact me if any questions!
>>>>>>
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> -- 
>>>>>> Xavier Roche
>>>>>> Intel Open Source Technology Center
>>>>>>
>>>>>>
>>>>>> On 13/10/2014 10:41, Jan Cybulski wrote:
>>>>>>> Hello, Dominique and Xavier,
>>>>>>>
>>>>>>> I am Tizen developer in Samsung Electronics,
>>>>>>> I got a task from Tomasz Swierczek to add smack aware code to 
>>>>>>> ToyBox.
>>>>>>> He gave me contact to You as people in charge for this on Intel 
>>>>>>> side.
>>>>>>>
>>>>>>> I would like to start working on this and ask which repository 
>>>>>>> should
>>>>>>> I work with, and what is the required schedule for this task?
>>>>>>>
>>>>>>> Aslo : Is wiki site for this up to date?
>>>>>>> (https://wiki.tizen.org/wiki/Toybox) Especially I mean the list of
>>>>>>> toys that are still to be changed by adding security-related
>>>>>>> functionalities. I would like to avoid duplication if some work is
>>>>>>> done already or is performed right now.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Jan Cybulski
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> Dev at lists.tizen.org
>>>>>> https://lists.tizen.org/listinfo/dev
>>>>>>
>>>>
>> Best regards,
>>
>> -- 
>> Xavier Roche
>> Intel Open Source Technology Center
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tizen.org/pipermail/dev/attachments/20141015/48783e9c/attachment.html>


More information about the Dev mailing list