[PATCH] [RFC] Always run hald as non-root
david at fubar.dk
Tue Feb 8 13:59:40 PST 2005
On Tue, 2005-02-08 at 00:07 +0100, Sjoerd Simons wrote:
> Since i seem to be in an extreme mood anyway, attached it is a patch that
> will make hal always drop permissions to non-root. Also it removes keeping
> the net admin capability as it's not being used anymore.
Not exactly true - it is (was, see below) used for network link
But, anyway, after some thorough discussion with Dan Williams
(NetworkManager maintainer), I've decided to remove this since network
link detection is a whole ordeal in itself (ethtool, mii, traffic
sniffing, different sysfs carrier file behavior dependent on
driver/network card/chip set, crashers caused by broken drivers etc.).
So NM and other tools are on their own now.
It'll stay in the 0.4.x branch though, as we cannot break API.
> I think it's the right way to do things. There should be no reason to run
> hald as root ever and forcing it from the start of the development cycle is
> a good way of ensuring that :)
Sure, we've already agreed on this so, yeah, no probs. Your patch wasn't
perfect though; it didn't change hald/hald.c:usage() and it didn't
remove the libcap stuff from configure.in.
Also, for development, you want to run hald as root as otherwise you
need to setuid root all your probers, callouts and addons all the time.
So, I added the option --retain-privileges and added that to the
> It would also be nice to have the addons that need to start out as root (like
> the ups one) drop permission as soon as possible (one can never be too
> sure)... Probably a utility function would be nice for that, but i don't know
> where to place it (as the addons and probers live in different dirs)
Sure, I don't really now either. I suppose this would be nice to add
sometime along the 0.5.x cycle. Patches welcome.
> PS tomorrow, i'll go back to normal patches again, i promise :p
Heh, take it easy :-)
hal mailing list
hal at lists.freedesktop.org
More information about the Hal