Conversation
* Replace DBus::SystemBus instances with DInstaller::DBus::Bus.
service/share/dbus.conf
Outdated
|
|
||
| <standard_session_servicedirs /> | ||
|
|
||
| <policy context="default"> |
There was a problem hiding this comment.
This makes the policy wide open, overriding the root restrictions below.
I think it is wrong: for a regular session bus it works out because the socket used is /run/user/$UID/bus, in a user-specific tmpdir, and the access rights of the directory are 0700, locking other users out.
There was a problem hiding this comment.
Oh, I see. So I guess we should drop this whole section, right?
There was a problem hiding this comment.
I have updated the file and I wonder whether it makes sense to put it under /usr/share/dbus-1/. We can read that configuration just from the gem path. WDYT?
PS: if we still decide to keep the file under /usr/share/dbus-1, we should at least move it out of the system.d folder.
There was a problem hiding this comment.
I have moved that file to /usr/share/dbus-1/d-installer and the services to /usr/share/dbus-1/d-installer-services. I found out that other packages are doing the same:
/usr/share/dbus-1/accessibility-services
/usr/share/dbus-1/system-services
Co-authored-by: Martin Vidner <mvidner@suse.cz>
|
I tried this PR and it works: I could interact with NetworkManager from D-Installer's UI. The list of Iguana volumes looks like this: However, I found a different problem with the storage layer. In my setup (I do not know whether it might be a problem in other Iguana-based scenarios), D-Installer cannot probe one of the file systems ( Given that the PS: I used a PXE-based approach so I will write a small "howto" (in a different PR). |
Trying to mount the However, mounting the DVD ( |
* The createClient is not async anymore. * The responsability of reading the bus address is moved to the installer context.
imobachgs
changed the title
| pid = find_server | ||
| return unless pid | ||
|
|
||
| Process.kill("KILL", pid.to_i) |
There was a problem hiding this comment.
NP: note that usually preferred way for killing is something like SIGTERM wait 5 seconds and then SIGKILL if it does not help. Here you do not allow process to finish anything.
There was a problem hiding this comment.
Good point. Let's postpone this change a bit, anyway.
| import cockpit from "../lib/cockpit"; | ||
|
|
||
| const MANAGER_SERVICE = "org.opensuse.DInstaller.Manager"; | ||
| const MANAGER_SERVICE = "org.opensuse.DInstaller"; |
There was a problem hiding this comment.
hmm, now I am curious why previously it works when service const was wrong?
There was a problem hiding this comment.
That service name was used as a fallback:
However, we were injecting the correct D-Bus client:
Hence the MANAGER_SERVICE constant was not used at all.
|
In general change looks good, just please document exception at #384 (comment) |
4 participants
Problem
D-Installer uses the D-Bus "system" service. When running as a container, the backend container shares its "system" bus, so the web UI can access the services.
However, this approach does not work with Iguana. In that scenario, the web UI needs to access the D-Installer system bus (which is shared as it was the "system" D-Bus) and the host system bus (which cannot be accessed at this point) at the same time.
Our first attempt was to attach D-Installer to the host D-Bus server, but that's not possible because we need to change the server's configuration (to set the permissions).
Solution
This PR changes D-Installer to use its own D-Bus server. It has two main advantages:
We have not tested this approach in Iguana yet.
Testing
To do
bin/d-installer