From mboxrd@z Thu Jan 1 00:00:00 1970 From: Simon McVittie Subject: Re: [PATCH 00/12] Add kdbus implementation Date: Thu, 30 Oct 2014 12:28:56 +0000 Message-ID: <54522F08.7080005@collabora.co.uk> References: <1414620056-6675-1-git-send-email-gregkh@linuxfoundation.org> <20141029231106.GB16548@kroah.com> <20141029234001.GB16520@kroah.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Tom Gundersen , Andy Lutomirski Cc: Greg Kroah-Hartman , Jiri Kosina , Linux API , "linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , John Stultz , Arnd Bergmann , Tejun Heo , Marcel Holtmann , Ryan Lortie , Bastien Nocera , David Herrmann , Djalal Harouni , Daniel Mack , "alban.crequy" , Javier Martinez Canillas List-Id: linux-api@vger.kernel.org On 30/10/14 11:52, Tom Gundersen wrote: > For example, if you want to get the audit identity > bits, you can now get this attached securely by the kernel, at the > time the message is sent, rather than having to firest get the peer's > $PID from SCM_CREDENTIALS and then read the audit identity bits racily > from /proc/$PID/loginuid and /proc/$PID/sessionid ... which dbus-daemon (traditional D-Bus) deliberately doesn't offer as a feature, because we are not aware of any way to do that over Unix sockets without a race condition; and if we can't have it securely, we don't want to have it at all. It would be great if kdbus can fix that omission. Capabilities are in the same boat, and as a result, systemd can't currently have D-Bus methods that can only be called with CAP_WHATEVER. > * fewer userspace context switches [...] > * fewer message copies in userspace Readers are probably already aware of this, but note that D-Bus is designed to be usable between mutually distrusting processes, which is why we use Unix sockets and a lot of copies, rather than mmap or something. S