Policy for storage devices
John (J5) Palmieri
johnp at redhat.com
Thu Oct 14 14:21:45 PDT 2004
On Thu, 2004-10-14 at 17:00 -0400, Sean Middleditch wrote:
> On Thu, 2004-10-14 at 16:50 -0400, John (J5) Palmieri wrote:
> > On Thu, 2004-10-14 at 16:39 -0400, David Zeuthen wrote:
> >
> > >
> > > However, the point of hal is to merge *all* interesting information
> > > about a device and this does include policy. If and when we get a public
> > > device information file repository we need to ensure that these files
> > > don't contain policy.
> >
> > Hmm, interesting point. Perhaps we should jail off policy so that
> > informational fdi files and policy fdi files can not be contained in the
> > same file but since policy is keyed off of device information this
> > wouldn't add that much more security. (i.e. a malicious fdi file
> > changes all removable media to be marked as internal and get internal
> > drive privileges). I would guess the best thing to do is if we add a
> > tool to easily add fdi files to do some heuristics and warn the user if
> > the fdi file looks fishy. Otherwise the danger is no worse than
> > installing an untrusted RPM from some random site. You need to be root
> > to install fdi files so it is a do it at your own risk sort of thing.
>
> Couldn't we just add something to the FDI file to mark it as policy vs
> information? Sort of like how the .desktop format lets you specify
> different sections? Maybe just a simple attribute like
> type="information" vs type="policy" (with the default being information,
> for backwards compatibility), such that you can easily guarantee that a
> file either is information only, or isn't.

We already know what policy is because it will be placed under a .policy
key (i.e. storage.policy.mount_filesystems).
--
John (J5) Palmieri
Associate Software Engineer
Desktop Group
Red Hat, Inc.
Blog: http://martianrock.com
_______________________________________________
hal mailing list
hal at freedesktop.org
http://freedesktop.org/mailman/listinfo/hal
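
An added example, not part of the original message or of HAL itself: a minimal lint of the kind the thread discusses, which lists the keys an FDI file writes and separates those under a `.policy` component from informational ones. The FDI element layout assumed here and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def is_policy_key(key):
    """True when a property key has a 'policy' component after its namespace,
    as in storage.policy.mount_filesystems."""
    return "policy" in key.split(".")[1:]

def audit(fdi_text):
    """List the keys an FDI document writes, split into policy and information.
    Assumption: any element other than <match> that carries a key= attribute
    writes that property (e.g. <merge>)."""
    if "<!DOCTYPE" in fdi_text:          # refuse DTDs/entities in untrusted input
        raise ValueError("DTD not allowed in FDI input")
    writes = {"policy": set(), "information": set()}
    for el in ET.fromstring(fdi_text).iter():
        key = el.get("key")
        if key and el.tag != "match":
            writes["policy" if is_policy_key(key) else "information"].add(key)
    return {kind: sorted(keys) for kind, keys in writes.items()}

# Constructed sample files (not taken from any real FDI repository).
INFO_FDI = """<deviceinfo version="0.2"><device>
  <match key="info.product" string="Example Camera">
    <merge key="info.category" type="string">camera</merge>
  </match>
</device></deviceinfo>"""

MIXED_FDI = """<deviceinfo version="0.2"><device>
  <match key="storage.removable" bool="true">
    <merge key="storage.removable" type="bool">false</merge>
    <merge key="storage.policy.mount_filesystems" type="bool">true</merge>
  </match>
</device></deviceinfo>"""

if __name__ == "__main__":
    for name, text in (("info", INFO_FDI), ("mixed", MIXED_FDI)):
        result = audit(text)
        verdict = "contains policy" if result["policy"] else "information only"
        print(name, verdict, result)
```

A file can come out as information only and still rewrite a property that policy is keyed on, so the informational writes are listed for review rather than hidden.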