Results 409 comments of Sebastian Wick

> Network devices are properly namespaced is what I said.

Yeah, I got that. I wondered why events from some devices are restricted to netns belonging to the initial userns...

Sorry for being this naive about everything. If a device is not properly namespaced then it can be used in all namespaces, right? In that case the message would be...

> (a) network namespace owned by initial user namespace -> receive all uevents
> (b) network namespace owned by a non-initial usernamespace (unshare(CLONE_NEWUSER | CLONE_NEWNET)) -> no uevents apart...

ugh, completely forgot the part about the uid. all makes sense again...

@zeenix asked me to provide a bit more detail. Is this better to understand?

> I'm not too sure of the need for that. Application should always assume that any clients accessing its services are malicious. That's security 101: Don't trust anyone by default....

Others seem to agree that the metadata map is useful and we should standardize the keys as a separate xdg spec so we can share them with the wayland-security context...

We're talking about metadata that's *not* the identity such as the desktop file name.

I'm going to look into it.

The JS bindings for gobject are indeed only useable in gjs, which means that the gobject introspection data is kinda useless for us. One could try to implement gobject bindings...