From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <54B3DBA9.5040905@xenomai.org> Date: Mon, 12 Jan 2015 15:35:21 +0100 From: Philippe Gerum MIME-Version: 1.0 References: <54A6A387.4010109@web.de> <20150102141625.GD1492@daedalus> <20150102150638.GE1492@daedalus> <54A6C072.7020303@web.de> <20150103194050.GH12052@daedalus> <54A84E6E.2040501@web.de> <20150103222509.GA6409@hermes.click-hack.org> <54AD77A0.1010206@siemens.com> <20150112104200.GD25855@hermes.click-hack.org> <54B3ADB8.3010901@siemens.com> <20150112113415.GG25855@hermes.click-hack.org> <54B3B715.2000109@siemens.com> In-Reply-To: <54B3B715.2000109@siemens.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [Xenomai] [Xenomai-git] Philippe Gerum: copperplate: add configuration tunable for registry moint point List-Id: Discussions about the Xenomai project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jan Kiszka , Gilles Chanteperdrix Cc: Xenomai On 01/12/2015 12:59 PM, Jan Kiszka wrote: > On 2015-01-12 12:34, Gilles Chanteperdrix wrote: >> On Mon, Jan 12, 2015 at 12:19:20PM +0100, Jan Kiszka wrote: >>> On 2015-01-12 11:42, Gilles Chanteperdrix wrote: >>>> On Wed, Jan 07, 2015 at 07:14:56PM +0100, Jan Kiszka wrote: >>>>> On 2015-01-03 23:25, Gilles Chanteperdrix wrote: >>>>>>>> >>>>>>>> Alternatively (to the last item), the sysregd could be made suid >>>>>>>> root, create the session directory if it does not exist with root >>>>>>>> permissions but with the target user as owner, then drop root >>>>>>>> privileges and continue as a normal user. >>>>>>> >>>>>>> Should work, but unless I stumbled over fundamental issues why sysregd >>>>>>> is not working as normal user right now, I don't see a technical need >>>>>>> for this big hammer for user-managed sessions. >>>>>> >>>>>> The enormous advantage of using the big hammer (in fact, only if we >>>>>> put the three changes into it), is that it avoids explaining things >>>>>> to the users, and avoids as well questions on the mailing list. >>>>>> Given the number of questions we have had about /dev/rtheap and >>>>>> /dev/rtpipe, this would be a win. >>>>> >>>>> We actually need the big suid-hammer: only root has the permission to >>>>> clean up the mounts of other users. Obsoletes my fusermount -u patch. >>>> >>>> Why does root need to clean up the mounts of other users if each >>>> user cleans up its mounts ? >>> >>> As long as the daemon only runs on behalf of the very same user, this >>> works. But this breaks when user A starts a session and B joins it or >>> inherits a still running daemon. >> >> Is it really a case that matters ? As I already said, I believe >> running xenomai programs as simple user should be taken into >> account, but multiple users for the same session ? > > If that is not required, we could make the mount point private in $HOME. > Then it is clear to the user that sessions cannot be shared. And the > namespaces would be isolated automatically. > > Anon will continue to require a root daemon that has to be started in > advance. > Looks ok. Named sessions have been designed as a way to share things between processes composing a larger application, basically. Assuming that all processes sharing a named session must belong to the same uid is part of the original design. -- Philippe.