File Manager Service in OpenBMC

Patrick Williams patrick at stwcx.xyz
Wed Feb 14 01:32:29 AEDT 2024


On Tue, Feb 13, 2024 at 12:14:49PM +0530, Sunitha Harish wrote:

> I have mentioned the purpose of this use case already. There are no more details that I can share.

I think we're missing the high-level premise of what you're
proposing.  Is this an arbitrary "expose the file system over dbus" or
does it have some very specific purpose?  You've said something along
the lines of "there are some files for the manage host", which is mostly
fine if you don't want to talk about the details of them (even though
they are supposedly already in bmcweb?) but I think there are still some
more specifics you can talk to.

> It's not about implementing the file system on the BMC. It's implementing a systemd service, which will host the file descriptors as dbus
> interfaces/properties. This will give file handler APIs to the redfish clients who are willing to do file operations on the BMC.

My first read on this is that all it is doing is moving the problem from
one place to another.  Fundamentally, the reason to not have bmcweb do
file access is because of the potential security concerns.  Having a
generic dbus service that reads and modifies the file system has the
exact same security concerns, except now you've potentially lost all
information as to _who_ is doing the file operation (unless you add who
is doing the operation to the dbus interface).

If the proposal is "make a generic daemon that can expose the whole file
system as a dbus-service", the answer is likely "no" due to all the
security implications.  If there are specific files, folders, and/or
configurable sets (which by default is a locked down set of nearly
nothing) then "maybe"?  This is where it seems like people would need to
see more details of what you're accomplishing.

-- 
Patrick Williams
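
Added example, not part of the original message and not OpenBMC code: a sketch of the "locked down by default" configurable set described above, where every request must carry the caller's identity and paths are canonicalized before the check. The class name, the "host-files" directory and the caller strings are hypothetical, and the files are constructed in a temporary directory.

```python
import os
import tempfile
from dataclasses import dataclass, field

@dataclass
class FileAccessPolicy:
    # Default is an empty allowlist: nothing is reachable until configured.
    allowed_roots: tuple = ()
    audit_log: list = field(default_factory=list)

    def authorize(self, caller, operation, requested_path):
        """Return the canonical path if permitted, else raise PermissionError."""
        if not caller:
            raise PermissionError("caller identity required")
        # realpath resolves ".." and symlinks before any comparison is made.
        real = os.path.realpath(requested_path)
        roots = [os.path.realpath(r) for r in self.allowed_roots]
        allowed = any(os.path.commonpath([real, r]) == r for r in roots)
        self.audit_log.append((caller, operation, real, allowed))
        if not allowed:
            raise PermissionError(f"{real} is outside the configured set")
        return real

def run_demo():
    """Constructed scenario: one allowed directory and a symlink escaping it."""
    def verdict(policy, caller, path):
        try:
            return "allow" if policy.authorize(caller, "read", path) else "deny"
        except PermissionError:
            return "deny"
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "host-files")  # hypothetical directory
        os.makedirs(root)
        inside = os.path.join(root, "config.bin")
        outside = os.path.join(tmp, "secret")
        open(outside, "w").close()
        os.symlink(outside, os.path.join(root, "link"))
        scoped = FileAccessPolicy(allowed_roots=(root,))
        return {
            "default_policy": verdict(FileAccessPolicy(), "admin", inside),
            "inside": verdict(scoped, "admin", inside),
            "dotdot": verdict(scoped, "admin", os.path.join(root, "..", "secret")),
            "symlink": verdict(scoped, "admin", os.path.join(root, "link")),
            "anonymous": verdict(scoped, "", inside),
            "audited": len(scoped.audit_log),
        }

if __name__ == "__main__":
    print(run_demo())
```

Only the request for a path that canonicalizes to a location under the configured root is allowed; the audit log records the caller for every decision it makes.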