From: Bastien Nocera <hadess@hadess.net>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: A desktop environment[1] kernel wishlist
Date: Mon, 27 Oct 2014 17:09:06 +0100
Message-ID: <1414426146.30379.62.camel@hadess.net>
In-Reply-To: <CALCETrVYK=GBHbcoJr-zz4tUWv7sdxb-6v7TuuOgcHPCq7s9Pg@mail.gmail.com>

On Mon, 2014-10-27 at 09:08 -0700, Andy Lutomirski wrote:
> On Mon, Oct 27, 2014 at 8:45 AM, Bastien Nocera <hadess@hadess.net> wrote:
> > On Mon, 2014-10-27 at 08:12 -0700, Andy Lutomirski wrote:
> >> On Oct 27, 2014 6:56 AM, "Bastien Nocera" <hadess@hadess.net> wrote:
> >> >
> >> > On Tue, 2014-10-21 at 12:28 -0700, Andy Lutomirski wrote:
> >> > > On 10/21/2014 01:49 AM, Bastien Nocera wrote:
> >> > > > Hey,
> >> > > >
> >> > > > GNOME has had discussions with kernel developers in the past, and,
> >> > > > fortunately, in some cases we were able to make headway.
> >> > > >
> >> > > > There are however a number of items that we still don't have solutions
> >> > > > for, items that kernel developers might not realise we'd like to rely
> >> > > > on, or don't know that we'd make use of if merged.
> >> > > >
> >> > > > I've posted this list at:
> >> > > > https://wiki.gnome.org/BastienNocera/KernelWishlist
> >> > > >
> >> > > > Let me know on-list or off-list if you have any comments about those, so
> >> > > > I can update the list.
> >> > >
> >> > > I don't know much about desktop environment infrastructure, but I think
> >> > > the kernel probably already has a lot of what's needed for LinuxApps.
> >> > >
> >> > > Tools like Sandstorm [1] (shameless plug, but it's a good example here)
> >> > > can already sandbox normal-ish programs, and those sandboxes can be
> >> > > launched without privilege [2].
> >> > >
> >> > > Why is kdbus needed?
> >> >
> >> > Because it sucks less than passing fd's and using home-made protocols on
> >> > top of it.
> >>
> >> For securely communicating with a container, "it sucks less" is hard
> >> to use as a design criterion.
> >
> > Sucking less is a requirement when it comes to being able to use it. At
> > the very least, when it comes to security, the fact that the protocol
> > can be captured and analysed in wireshark is already of great help to
> > inspect what each component of the system is doing. More so than passing
> > fd's and using a custom protocol on the server and client sides.
> >
> >> What's wrong with fds, and how does kdbus solve it?
> >
> > By having a well-known protocol and defined semantics on top of that
> > communication channel. I could try and re-explain why kdbus is needed,
> > but I wouldn't do as good a job as the people working on it, so best to
> > refer to the individual threads about kdbus on this list.
> >
> 
> I didn't do a good job asking the question, then.
> 
> What's wrong with fds in the context of communicating with a
> container?  What does kdbus do container-wise that helps?

Nothing's wrong with using fd's. They're just a very poor API.

