discussion about use of memfd
by José Bollo
Hi there,

In the AGL project, the two major components libweston and pipewire,
managing respectively display and audio, are using memfd for creating
and passing a shared memory buffer.
The maintainers of these components are blocked by Smack security that
forbids the service running with label X to pass the file descriptor to
its client.
The links [1] and [2] point to discussions around that issue.
I believe that Tizen solved the issue by using the security manager.
Unless the policy were that memfd gets the @ or * label by default, it
appears to me that implementers using memfd in a Smack-secured system
have to add something. But what?
So let me open the discussion. I can see 3 ways of providing a solution.
1. Tag memfd-created objects with '*'. Then applications are responsible
for passing the object to clients they trust (or not).
2. Enforce use of a service to solve the issue (a security-manager).
3. Change Smack to handle the case. How? By allowing processes to
change the security.SMACK64 attribute of files they created to some precise
values (possibly managed by transmute rules).
Best regards
José Bollo
[1] https://jira.automotivelinux.org/browse/SPEC-3305
[2] https://jira.automotivelinux.org/browse/SPEC-2554
10 months, 3 weeks
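
As an added illustration that is not part of the original message or of the Smack sources: a simplified user-space model of the order in which Smack evaluates an access request, showing why a buffer carrying the service's label is refused to a differently labeled client while an object labeled '*' or '@' is not. The labels "Service" and "Client", the rule table, and the premise that the memfd object carries its creator's label are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

enum { MAY_R = 1, MAY_W = 2, MAY_X = 4 };

struct smack_rule { const char *subject, *object; int access; };

/* Constructed policy: the client may only read objects labeled "Service". */
static const struct smack_rule rules[] = {
    { "Client", "Service", MAY_R },
};

/* Returns 1 if `subject` may perform `request` on `object`, else 0. */
int smack_may_access(const char *subject, const char *object, int request)
{
    size_t i;

    if (strcmp(subject, "*") == 0)        /* star subject: always denied */
        return 0;
    if (strcmp(object, "@") == 0 || strcmp(subject, "@") == 0)
        return 1;                         /* web label: always allowed */
    if (strcmp(object, "*") == 0)         /* star object: always allowed */
        return 1;
    if (strcmp(subject, object) == 0)     /* identical labels */
        return 1;
    if ((request & ~(MAY_R | MAY_X)) == 0 &&
        (strcmp(object, "_") == 0 || strcmp(subject, "^") == 0))
        return 1;                         /* floor object / hat subject: r,x only */
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (strcmp(rules[i].subject, subject) == 0 &&
            strcmp(rules[i].object, object) == 0)
            return (rules[i].access & request) == request;
    return 0;                             /* no matching rule: deny */
}

int main(void)
{
    const int rw = MAY_R | MAY_W;         /* assumed: client wants read and write */
    const char *memfd_labels[] = { "Service", "*", "@" };
    size_t i;

    for (i = 0; i < 3; i++)
        printf("Client rw on memfd labeled %-7s -> %s\n", memfd_labels[i],
               smack_may_access("Client", memfd_labels[i], rw) ? "allowed" : "denied");
    return 0;
}
```

The model also makes the trade-off of option 1 visible: once the object is labeled '*', the label check no longer distinguishes between clients, so only possession of the file descriptor limits who can use the buffer.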