Re: [Tracker] Running Tracker with dbus system bus



Ralph Böhme wrote on 2/01/2014 11:36:

Hi Ralph,

[cut]

I must run Tracker as root, because I must be able to index a 
_shared_ resource, ie all files of a fileserver (currently 
AFP/Netatalk, in the future SMB/Samba).

Ok, makes sense.

[cut - security warning about running tracker-extract as root]

Point taken.

Good :)


[cut - technical proposals to improve the situation and other
cuts]


The whole Tracker design must be updated to optionally allow 
running Tracker in dbus system context, not in user context.

Yes I agree with this for your use-case.

I think it should be at least an option, a commandline switch or 
perhaps even a compile time option. I wouldn't be against it
(noting to your users the warning about tracker-extract that I
just gave - which I do think you ought to take very seriously).

fwiw, the requirements for the described use case don't
necessarily require running Tracker as root. What's needed is using
dbus system context, not session context, so that arbitrary users
(processes with distinct uids) can connect. The latter is not
allowed by dbus for user context services (ie you can't connect as
arbitrary user to a dbus session service from another user (another
euid that is)).

nod. Correct afaik.

A proper solution (with security in mind) might be
* add an option that makes Tracker use system dbus context instead of
  session context
* add another option to take a user under which Tracker will run in
  this case, this user MUST not be root

Patches that implement this would be welcomed. At least from my side.
Note that other Tracker maintainers might also have a point of view.

Some locations in the code:

For tracker-store:

https://git.gnome.org/browse/tracker/tree/src/libtracker-bus/tracker-bus.vala#n24

https://git.gnome.org/browse/tracker/tree/src/libtracker-sparql-backend/tracker-backend.vala#n37

https://git.gnome.org/browse/tracker/tree/src/tracker-store/tracker-dbus.vala#n95


This one is used by tracker-extract:

https://git.gnome.org/browse/tracker/tree/src/libtracker-common/tracker-dbus.c#n70

The D-Bus service for all miners:

https://git.gnome.org/browse/tracker/tree/src/libtracker-miner/tracker-miner-manager.c#n409

Unfortunate manual D-Bus connection to tracker-store from miner-fs:

https://git.gnome.org/browse/tracker/tree/src/miners/fs/tracker-main.c#n772

In case you need tracker-writeback:

https://git.gnome.org/browse/tracker/tree/src/miners/fs/tracker-writeback-listener.c#n193




Philip
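
The two options proposed in this thread (a system-bus switch plus a mandatory non-root account), sketched in C as an added example that is not part of the original message or of Tracker's code. The switches `--system-bus` and `--run-as=NAME` and all function names are hypothetical.

```c
/* Added example, not Tracker code; switches and helper names are hypothetical. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct opts { int system_bus; const char *run_as; };

/* System bus requires an explicit account; session bus must not be given one. */
int parse_opts(int argc, char **argv, struct opts *o)
{
    *o = (struct opts){ 0, NULL };
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--system-bus") == 0)
            o->system_bus = 1;
        else if (strncmp(argv[i], "--run-as=", 9) == 0 && argv[i][9] != '\0')
            o->run_as = argv[i] + 9;
        else
            return -1;
    }
    return o->system_bus == (o->run_as != NULL) ? 0 : -1;
}

/* Become NAME for good. Fails closed if NAME is unknown or maps to uid 0. */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;
    if (geteuid() == 0) {                 /* started as root, e.g. by init */
        if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
            setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
            return -1;
        if (setuid(0) == 0)               /* the drop must not be reversible */
            return -1;
    }
    return (getuid() == pw->pw_uid && geteuid() == pw->pw_uid) ? 0 : -1;
}

/* Connect only after drop_to_user(), so the bus sees the unprivileged uid. */
const char *bus_address(const struct opts *o)
{
    const char *a = getenv(o->system_bus ? "DBUS_SYSTEM_BUS_ADDRESS"
                                         : "DBUS_SESSION_BUS_ADDRESS");
    if (a == NULL && o->system_bus)
        return "unix:path=/var/run/dbus/system_bus_socket"; /* D-Bus default */
    return a;
}
```
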

