Security Working Group meeting - Wednesday April 27 - results
Patrick Williams
patrick at stwcx.xyz
Thu Apr 28 05:03:39 AEST 2022
On Wed, Apr 27, 2022 at 01:07:49PM -0500, Joseph Reynolds wrote:
> On 4/27/22 7:31 AM, Joseph Reynolds wrote:
> 3 Nirav Shah - Alternate idea: Use D-Bus session buses (vs the system bus).
>
> Note that all OpenBMC applications use the D-Bus system bus, which only
> the root user is allowed to access.
>
> Nirav presented an idea to change some applications to use a session bus
> (and away from the system bus). Doing so allows BMC applications to run
> as non-root and makes it easier for different applications to
> communicate via D-bus APIs.
>
> We believe this work is relatively independent of SELinux policy
> configuration.
In my opinion, architectural changes like this fall pretty far outside
of "Security" and need pretty wide consensus. It's fine if you want to
use the Security Workgroup to refine the idea but I want to be clear
that acceptance by the Security Workgroup isn't sufficient to move
forward.
--
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20220427/cf7791f1/attachment.sig>
More information about the openbmc
mailing list