genivi-ipc@lists.genivi.org

Development list for inter process communication (IPC) related topics


Multiple vsomeip services access configuration issue

Marian Vancik
Thu, Oct 26, 2017 8:22 PM

Hello,

I would like to ask you for help with solving the problem we have. We're using the vsomeip library on our project with this configuration:

 * ARM device running Linux with vsomeip 2.7.0 installed,
 * multiple services developed by us
 * docker container
 * client application running inside the docker container.
 * Vsomeip is configured to use security to check UID/GID to control access to services.
 * Vsomeip is configured to communicate through Unix-Domain-Sockets.

The Docker container is configured to use shared directories for Unix-Domain-Sockets – it means it behaves like a locally installed application from the perspective of vsomeip.

Vsomeip is configured to allow access to the services for the application from the docker container.

In this case we use two services:

   1. SMS Service
   2. Button Service

The client application is trying to connect to the SMS service and then to the button service. In this order. Connection to the first one is OK; connection to the second one fails because of a security policy issue. Our configuration for the client allows access to both services with specific credentials. It looks like vsomeip is only interested in the first record in the list of allowed requests. We followed the configuration examples and vsomeip documentation, but we don't know what the problem is.

In the attachments are:

   1. vsomeip configuration file
   2. Client's log output
   3. Service's log output

Log outputs are abbreviated.

Without a configured security policy the dockerized application is able to connect to services without issues.

If you need more details – whole log files, pieces of source code, fdepl files etc. – just let me know.

Thank you for your help

Marian Vancik

*This e-mail message is intended only for the use of the intended recipient(s).
The information contained therein may be confidential or privileged,
and its disclosure or reproduction is strictly prohibited.
If you are not the intended recipient, please return it immediately to its sender
at the above address and destroy it. *
