[PATCH] Hal privilege separation

Kay Sievers kay.sievers at vrfy.org
Fri Jan 20 04:24:27 PST 2006


On Fri, Jan 20, 2006 at 12:08:39PM +0100, Sjoerd Simons wrote:

Hi Sjoerd,

>   As most people probably know by now, various people don't really like
>   hal running as root. We'd much rather see only a small process running as
>   root and the main hal process running unprivileged. Which is exactly what
>   this patch does :)
> 
>   How does it work? Just before it drops its root privs, a small program is
>   started up which will remain running as root and does the real execution of
>   the addons/probes/callouts on hal's behalf. Communication between hald
>   and hald-runner is done via a p2p dbus connection, resulting in a process
>   tree like this:
> 
>     hal       /usr/sbin/hald
>     root      \_ /usr/lib/hal/hald-runner
>     root          \_ /usr/lib/hal/hald-addon-acpi
>     root          \_ /usr/lib/hal/hald-addon-storage
>     root          \_ /usr/lib/hal/hald-addon-storage
> 
>   The patch consists of two parts. First the implementation of hald-runner,
>   which is about 700 lines of code. And then a part transforming the hald code
>   from the current spawning code in utils to an interface that can talk to the
>   runner.
> 
>   For Debian people who want to test this, I've uploaded a hal 0.5.6 package to
>   experimental with this patch. It's been running on my personal machines fine
>   for a few days (i.e. vanilla hal with retain privs and patched hal show the
>   same devices/device information).

Seems to work fine for me too after a first short test.

>   Obviously I don't want to maintain this as a specific patch for Ubuntu and
>   Debian, so please let me know what issues you see with it, if any.

It would be great if that means that we can all run the "same" HAL now.

Thanks a lot, and I really appreciate seeing you provide a real solution
instead of the usual complaint mode. :)

Thanks again,
Kay

