How to grant permission to tainted device

[Jim Carter]

I manage a student lab in which the machines have nVidia or ATI graphics
cards.  Wanting 3D acceleration I use the evil proprietary drivers on
them.  Neither of these drivers register themselves so that there is no
trace of the 3D interface devices in sysfs (/dev/nvidia0, /dev/nvidiactl,
/dev/dri/card0).  So I assume that HAL doesn't even know that the devices
exist, unless someone tells it.

In my previous distro version, OpenSuSE 10.3, they used resmgr and I
simply provided a file in /etc/resmgr.conf.d that said
    ongrant  video run /usr/local/sbin/resgrant
(and similarly onrevoke); the script does chown $RES_USER $device (for 
the device actually on the machine).  

OpenSuSE 11.1 no longer includes resmgr.  An alternative is to put
equivalent code into /etc/X11/xdm/GiveDevices or the equivalent for 
whatever display manager, but if that were the "right" way the distro
would have done it, and they didn't.  

I'm assuming that the "right" solution involves HAL, and the "right" way
to configure HAL is through PolicyKit.  How would a HAL expert control
access to a device that does not play nice with sysfs, or whose
attributes are not helpful?  The latter point refers to DVD drives,
which are "removeable block devices" which in the default configuration
users may not monkey with (and that's appropriate for, e.g. an external
drive perhaps holding the operating system), rather than big CDROMs,
which the user would get permission for.  Basically what I'm asking is,
how do I control access to particular devices differently from the
default policies found in 
/usr/share/PolicyKit/policy/org.freedesktop.hal.device-access.policy
shipped with PolicyKit? 

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc at math.ucla.edu  http://www.math.ucla.edu/~jimc (q.v. for PGP key)