[poky] [PATCH 1/1] connman: add xuser to the dbus permission list

Xu, Dongxiao dongxiao.xu at intel.com
Wed Mar 9 22:40:37 PST 2011 

Hi Ke,

Yu, Ke wrote:
> Hi Dongxiao,
> 
> Thanks for the fix. I just feel it may be better to do it in rootless
> x routine, instead of connman. because the "xuser" is introduced by
> rootless x routine, and the user name is configurable by
> /etc/X11/Xusername (details in
> meta/recipes-graphics/x11-common/xserver-nodm-init.bb: pkg_postinst).
> if the user name changed by user configuration, the connman will
> break again.    

Thanks for pointing it out, your concern is reasonable. Hardcode xuser in
connman's config file will have problems if user did any change to the name.
  
> 
> So I wonder if connman has the standard interface to grant
> permission, so that rootless x routine can call it to grant xuser
> permission. e.g.  
> - A group-based policy, i.e. for any user belongs to the connman
> group, it will has the required dbus permission. 
> - or a standalone command like "connman-perm xuser" which can add
> xuser into connman-dbus.conf 

I found there is another item in the connman.conf, named "at_console",
which can authenticate permissions to user.
That module needs libpam as its basic. It seems that currently sato image
didn't install pam into target system.

The original commit was checked in master, at least it will not block QA's testings.

I will think about using more convenient way to fix the problem.

Thanks,
Dongxiao

> 
> Also another alternative is: in connman pkg_postinst, get x user name
> from /etc/X11/Xusername, then grant the user permission. in this
> case, at least you won't need to hardcode the xuser name.  
> 
> Regards
> Ke
> 
> On Mar 07, 16:00, Dongxiao Xu wrote:
>> From: Dongxiao Xu <dongxiao.xu at intel.com>
>> 
>> Some platform (like atom-pc) enables rootless X, thus the connman
>> frontend run on it need the permission to connect with connman by
>> dbus.
>> This commit grants permission to xuser.
>> 
>> This fixes [BUGID #779]
>> 
>> Signed-off-by: Dongxiao Xu <dongxiao.xu at intel.com>
>> ---
>>  .../connman-0.65/add_xuser_dbus_permission.patch   |   21
>>  ++++++++++++++++++++
>>  meta/recipes-connectivity/connman/connman_0.65.bb  |    3 +- 2
>> files changed, 23 insertions(+), 1 deletions(-)  create mode 100644
>> meta/recipes-connectivity/connman/connman-0.65/add_xuser_dbus_permissi
>> on.patch
>> 
>> diff --git
>> a/meta/recipes-connectivity/connman/connman-0.65/add_xuser_dbus_permis
>> sion.patch
>> b/meta/recipes-connectivity/connman/connman-0.65/add_xuser_dbus_permis
>> sion.patch
>> new file mode 100644
>> index 0000000..787d49b
>> --- /dev/null
>> +++
>> b/meta/recipes-connectivity/connman/connman-0.65/add_xuser_dbus_pe
>> +++ rmission.patch @@ -0,0 +1,21 @@ +Some platform (like atom-pc)
>> enables rootless X, thus we need to add +the xuser in the list. +
>> +Signed-off-by: Dongxiao Xu <dongxiao.xu at intel.com> +
>> +diff -ruN connman-0.65-orig/src/connman-dbus.conf
>> connman-0.65/src/connman-dbus.conf +---
>> connman-0.65-orig/src/connman-dbus.conf	2011-03-04
>> 09:34:49.000000000 +0800 ++++
>> connman-0.65/src/connman-dbus.conf	2011-03-04 09:35:21.000000000
>> +0800 +@@ -7,6 +7,12 @@ +         <allow
>> send_interface="net.connman.Agent"/> +         <allow
>> send_interface="net.connman.Counter"/> +     </policy> ++    <policy
>> user="xuser"> ++        <allow own="net.connman"/> ++        <allow
>> send_destination="net.connman"/> ++        <allow
>> send_interface="net.connman.Agent"/> ++        <allow
>> send_interface="net.connman.Counter"/> ++    </policy> +     <policy
>> at_console="true"> +         <allow send_destination="net.connman"/>
>> +     </policy> 
>> diff --git a/meta/recipes-connectivity/connman/connman_0.65.bb
>> b/meta/recipes-connectivity/connman/connman_0.65.bb
>> index 0b077e1..8bb84a1 100644
>> --- a/meta/recipes-connectivity/connman/connman_0.65.bb
>> +++ b/meta/recipes-connectivity/connman/connman_0.65.bb @@ -1,5 +1,5
>>  @@ require connman.inc
>> -PR = "r0"
>> +PR = "r1"
>> 
>>  EXTRA_OECONF += "\
>>    ac_cv_path_WPASUPPLICANT=/usr/sbin/wpa_supplicant \ @@ -21,6 +21,7
>> @@ EXTRA_OECONF += "\  SRC_URI  = "\
>>   
>>   
>> http://www.kernel.org/pub/linux/network/connman/connman-${PV}.tar.gz
>>    \ file://fix-shutdown-ap-disconnect.patch \ + 
>>  file://add_xuser_dbus_permission.patch \ file://connman \ "
>> 
>> --
>> 1.7.1
>> 
>> _______________________________________________
>> poky mailing list
>> poky at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/poky

More information about the poky mailing list