From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <54B3B715.2000109@siemens.com> Date: Mon, 12 Jan 2015 12:59:17 +0100 From: Jan Kiszka MIME-Version: 1.0 References: <54A6A387.4010109@web.de> <20150102141625.GD1492@daedalus> <20150102150638.GE1492@daedalus> <54A6C072.7020303@web.de> <20150103194050.GH12052@daedalus> <54A84E6E.2040501@web.de> <20150103222509.GA6409@hermes.click-hack.org> <54AD77A0.1010206@siemens.com> <20150112104200.GD25855@hermes.click-hack.org> <54B3ADB8.3010901@siemens.com> <20150112113415.GG25855@hermes.click-hack.org> In-Reply-To: <20150112113415.GG25855@hermes.click-hack.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [Xenomai] [Xenomai-git] Philippe Gerum: copperplate: add configuration tunable for registry moint point List-Id: Discussions about the Xenomai project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Gilles Chanteperdrix Cc: Xenomai On 2015-01-12 12:34, Gilles Chanteperdrix wrote: > On Mon, Jan 12, 2015 at 12:19:20PM +0100, Jan Kiszka wrote: >> On 2015-01-12 11:42, Gilles Chanteperdrix wrote: >>> On Wed, Jan 07, 2015 at 07:14:56PM +0100, Jan Kiszka wrote: >>>> On 2015-01-03 23:25, Gilles Chanteperdrix wrote: >>>>>>> >>>>>>> Alternatively (to the last item), the sysregd could be made suid >>>>>>> root, create the session directory if it does not exist with root >>>>>>> permissions but with the target user as owner, then drop root >>>>>>> privileges and continue as a normal user. >>>>>> >>>>>> Should work, but unless I stumbled over fundamental issues why sysregd >>>>>> is not working as normal user right now, I don't see a technical need >>>>>> for this big hammer for user-managed sessions. >>>>> >>>>> The enormous advantage of using the big hammer (in fact, only if we >>>>> put the three changes into it), is that it avoids explaining things >>>>> to the users, and avoids as well questions on the mailing list. >>>>> Given the number of questions we have had about /dev/rtheap and >>>>> /dev/rtpipe, this would be a win. >>>> >>>> We actually need the big suid-hammer: only root has the permission to >>>> clean up the mounts of other users. Obsoletes my fusermount -u patch. >>> >>> Why does root need to clean up the mounts of other users if each >>> user cleans up its mounts ? >> >> As long as the daemon only runs on behalf of the very same user, this >> works. But this breaks when user A starts a session and B joins it or >> inherits a still running daemon. > > Is it really a case that matters ? As I already said, I believe > running xenomai programs as simple user should be taken into > account, but multiple users for the same session ? If that is not required, we could make the mount point private in $HOME. Then it is clear to the user that sessions cannot be shared. And the namespaces would be isolated automatically. Anon will continue to require a root daemon that has to be started in advance. Jan -- Siemens AG, Corporate Technology, CT RTC ITP SES-DE Corporate Competence Center Embedded Linux