Split into simpler, more MAC friendly services
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Dmedia |
Fix Released
|
High
|
Jason Gerard DeRose | ||
Bug Description
Where MAC = Mandatory Access Control (stuff like AppArmor, SELinux, etc).
As it's highly network-enabled, dmedia needs to be carefully designed for security, which should include utilizing modern Linux MAC.
Right now the dmedia D-Bus service (`dmedia-service`) only deals with importing. However, dmedia will shortly need to deal with moving files around on the network. This bug proposes that the core, network-enabled components run in `dmedia-service`, and that the import functionality be moved into a new service (say `dmedia-
We want the network-enabled component (`dmedia-service`) to be tightly restricted in what files it can read and write. Aside from essential files needed to run the program, `dmedia-service` only needs to read and write paths within the FileStore layouts. AppArmor permissions like this would nicely restrict to the `FileStore` layouts:
/**/.dmedia/ rw,
/**/.dmedia/** rw,
Despite these restrictions, a wide range of operations are possible:
* Downloading files from other peers/services
* Other peers uploading files to this peer
* Transcoding (where master and temp file are both inside FileStore)
* Rendering (where source clips(s) and temp file are both inside FileStore)
* Playing files inside the FileStore (will always be case with Novacut player)
However, importing breaks this mold as the importer needs to be able to read basically any file on the filesystem. So rather than give the core service broad permissions, it's better to split importing into a separate executable.
This is also an important step toward splitting dmedia into finer-grained distribution packages. For example, a minimal dmedia application like the Novacut player doesn't need import functionality, so it's good to have the importer optional.
Related branches
- James Raymond: Approve
-
Diff: 3658 lines (+1603/-1016)32 files modifiedMANIFEST.in (+4/-3)
dmedia-cli (+69/-167)
dmedia-gtk (+46/-37)
dmedia-importer-service (+47/-46)
dmedia-service (+72/-0)
dmedia/__init__.py (+1/-0)
dmedia/abstractcouch.py (+22/-34)
dmedia/api.py (+87/-0)
dmedia/constants.py (+3/-1)
dmedia/core.py (+195/-0)
dmedia/filestore.py (+31/-36)
dmedia/gtkui/client.py (+19/-19)
dmedia/gtkui/service.py (+23/-28)
dmedia/gtkui/tests/test_client.py (+10/-9)
dmedia/gtkui/tests/test_service.py (+0/-53)
dmedia/importer.py (+5/-14)
dmedia/schema.py (+19/-3)
dmedia/service/__init__.py (+94/-0)
dmedia/tests/couch.py (+5/-3)
dmedia/tests/test_abstractcouch.py (+72/-143)
dmedia/tests/test_api.py (+125/-0)
dmedia/tests/test_core.py (+336/-0)
dmedia/tests/test_downloader.py (+8/-8)
dmedia/tests/test_filestore.py (+106/-77)
dmedia/tests/test_importer.py (+4/-4)
dmedia/tests/test_transcoder.py (+2/-2)
dmedia/tests/test_views.py (+65/-136)
dmedia/views.py (+76/-162)
dmedia/workers.py (+6/-6)
setup.py (+46/-23)
share/org.freedesktop.DMedia.service (+3/-0)
share/org.freedesktop.DMediaImporter.service (+2/-2)
| description: | updated |
| Changed in dmedia: | |
| milestone: | 0.5 → 0.6 |
| Changed in dmedia: | |
| status: | Triaged → In Progress |
| assignee: | nobody → Jason Gerard DeRose (jderose) |
| Changed in dmedia: | |
| status: | In Progress → Fix Committed |
| Changed in dmedia: | |
| status: | Fix Committed → Fix Released |
