On 07/31/2015 08:49 PM, Lennart Poettering wrote:
On Thu, 30.07.15 19:57, Lennart Poettering (mzerqung(a)0pointer.de)
wrote:
> Heya!
>
> I'd like to ask everybody to test kdbus on Rawhide. Josh thankfully
> added it to the Rawhide kernel packages, and our systemd RPMs come
> with built-in support, too now. If you are running an up-to-date
> Rawhide system adding "kdbus=1" to your kernel command line is hence
> everything you need to run kdbus instead of dbus-daemon. (No
> additional RPMs need to be installed.) If you do, things should just
> work the same way as before, if we did everything right. By adding or
> dropping "kdbus=1" to/from the command line you can enable kdbus or
> revert back to dbus1 on each individual boot.
Quick update:
We have released a new version of systemd now with all bugs reported
here fixed. It's also in Rawhide already, but it might not have hit
all mirrors yet. To download it directly, please use:
http://koji.fedoraproject.org/koji/buildinfo?buildID=674692
And please remember to turn selinux at least into permissive mode when
using this, or even turn it off entirely while testing ("kdbus=1
selinux=0" on the kernel command line).
As you probably know this is not only about a policy fix. We added a
support for /sys/fs/kdbus in the latest rawhide policy builds to avoid
unlabeled_t issues and we can better track all issues related to kdbusfs_t.
But there is no a good policy fix in this state. It requires LSM/SELinux
support and without this support it is a completely uncontrolled IPC
mechanism.
Also some mails about the kdbus development plans and timing would
be helpful.
Thanks.
Mirek
Thanks a lot to everybody who already tested this!
Please test the new version, any feedback much appreciated!
Lennart
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.