Fwd: hal-0.4.0 "Its origin and purpose, still a total mystery." released

David Zeuthen david at fubar.dk
Sun Oct 17 13:41:52 PDT 2004


On Mon, 2004-10-18 at 00:21 +0400, Mitch wrote:
> Hi,
> 
>  > - Use pamconsole mount option instead of user (David Zeuthen)
> 
> Can someone explain to me the use for this ? 

Sure.

> If my understanding is
> correct, the tools haven't caught up to be able to do put this in
> by default ? Using either this keyword or 'managed' makes the mount
> fail giving me an unknown keyword error (when i click on my nautilus
> icon for the volume). 

I think the patches have been sent upstream but the util-linux
maintainer still has to apply them. For Fedora, Red Hat ships a patched
util-linux package with these patches.

> Every time i do a (cvs) install of hal i have
> to fiddle around with the 90defaultpolicy/storage-policy.fdi
> to add back in the 'user' mount option. Am i missing the point here ?

You should just write a file to put in 95userpolicy that does this. The
90defaultpolicy is intended for the OS vendor, your distributor, to
install and maintain over time. Different OS vendors might want to use
different options and different policy so they need to patch the
90defaultpolicy/storage-policy.fdi. The same of course applies if you
install hal from CVS. This is quite flexible I think, it's a lot easier
than having to maintain patches for code.

> Also it's not documented anywhere. 

Right, so I've been told that the util-linux upstream maintainer would
take the 'managed' no-operation patch. 'managed' is used by fstab-sync
to see if an entry is generated by the fstab-sync program. Previously
Red Hat and Fedora used the no-op 'kudzu' to achieve this, hence the
notion of a secondary managed keyword.

The 'pamconsole' option is a bit more Red Hat specific insofar that it's
like 'user' but requires the user to be at the console (which I believe
is a RH-ism). The patch is quite new, we did that to close a security
issue with allowing any user to mount a filesystem. 

(Imagine someone breaking into your http server which runs as nobody -
they shouldn't be able to access your removable file systems. Another
issue is that you don't want to give, say, your friend with an SSH
account access to your external disks.)

> Stop me guessing and tell us what
> toos we need to upgrade to use this and the 'managed options ;-)
> 

You can pull the 'managed' and 'pamconsole' patches for mount(1) out of
the Fedora util-linux SRPM. Or you can edit storage-policy.fdi file or
add another .fdi file to 95userpolicy.

>  > - fstab-sync manual page (David Zeuthen)
> 
> Is it only me or has this manpage got the wrong paths in it ?
> It mentions several times
> 	/usr/share/fdi/...
> which should be
> 	/usr/share/hal/fdi/...
> 

Nice catch, I'll fix this, thanks,
David


_______________________________________________
hal mailing list
hal at freedesktop.org
http://freedesktop.org/mailman/listinfo/hal



More information about the Hal mailing list