Fwd: Geoclue & permissions
Zeeshan Ali Khattak
zeeshanak
Thu Apr 17 09:36:21 PDT 2014
Hi everyone,
I'm forwarding my short discussion with Jouni about permissions on
D-Bus interface, as per his suggestion to bring the discussion to this
list.
Forwarded conversation
Subject: Geoclue & permissions
------------------------
From: Zeeshan Ali (Khattak) <zeeshanak at gnome.org>
Date: Thu, Apr 17, 2014 at 4:14 PM
To: Jouni Malinen <jouni at qca.qualcomm.com>
Moi Jouni,
For wifi-geolocation in geoclue project[1], I'm currently using
NetworkManager for getting list of WiFis in the area. Someone
suggested that I use wpa_supplicant directly for greater portability
and adoption so I'm looking into that.
I see that you have restricted all of your D-Bus API to root user
only. Geoclue is supposed to typically run as a special user
('geoclue') without admin preveleges so goeclue can't readily use
wpa_supplicant.
I see 3 options:
1. Geoclue installs a dbus policy file that gives its user permissions
on needed API.
2. wpa_supplicant give permissions in its policy file to geoclue user
specifically.
3. wpa_supplicant give permissions to readonly API (getting list of
interfaces, BSSs etc) to everyone.
I'm going to go for #1 for now but keeping in mind that its likely not
to work in post-kdbus world, I thought I should consult you on this.
--
Regards,
Zeeshan Ali (Khattak)
FSF member#5124
[1] http://www.freedesktop.org/wiki/Software/GeoClue/
----------
From: Jouni Malinen <jouni at qca.qualcomm.com>
Date: Thu, Apr 17, 2014 at 4:40 PM
To: "Zeeshan Ali (Khattak)" <zeeshanak at gnome.org>
On Thu, Apr 17, 2014 at 04:14:35PM +0100, Zeeshan Ali (Khattak) wrote:
> For wifi-geolocation in geoclue project[1], I'm currently using
> NetworkManager for getting list of WiFis in the area. Someone
> suggested that I use wpa_supplicant directly for greater portability
> and adoption so I'm looking into that.
>
> I see that you have restricted all of your D-Bus API to root user
> only. Geoclue is supposed to typically run as a special user
> ('geoclue') without admin preveleges so goeclue can't readily use
> wpa_supplicant.
You may want to bring this up on the hostap mailing list. I did not
design the D-Bus API or the permissions set in the configuration file
for this.
> I see 3 options:
>
> 1. Geoclue installs a dbus policy file that gives its user permissions
> on needed API.
> 2. wpa_supplicant give permissions in its policy file to geoclue user
> specifically.
> 3. wpa_supplicant give permissions to readonly API (getting list of
> interfaces, BSSs etc) to everyone.
>
> I'm going to go for #1 for now but keeping in mind that its likely not
> to work in post-kdbus world, I thought I should consult you on this.
I'm not using the D-Bus interface that much myself, but if (3) can be
done easily and safely, that sounds like a reasonable approach to me.
Anyway, this should be discussed with the people who use the D-Bus
interface, so the hostap mailing list would be more appropriate
destination for this.
--
Jouni Malinen PGP id EFC895FA
--
Regards,
Zeeshan Ali (Khattak)
FSF member#5124
More information about the Hostap
mailing list