HAL methods at storage device level, to mount/unmount/eject volumes

David Zeuthen david at fubar.dk
Thu Dec 8 11:00:15 PST 2005


On Thu, 2005-12-08 at 10:49 -0800, Artem Kachitchkine wrote:
> > HAL volume method interface to request privileged operations like mount, umount, eject
> 
> Is this going to work with SELinux and similar OSes with fine-grained 
> privilege models? How does HAL determine if a requesting process has 
> sufficient privileges for, say, a mount operation?

This should be (and is) handled at the D-BUS system message bus level.

For this application, Kay proposes just to use at_console (see hal.conf)
but I believe it's already possible today to allow/deny based on SELinux
security context. So if we have e.g. /usr/bin/gnome-mount the vendor can
label this binary to run in a specific security context and with the
right magic in hal.conf only gnome-mount will be able to invoke these
methods. Which is nice.

So, vendors can just patch the hal.conf we ship in the upstream tarball
and I believe Debian already does this since they don't want to use
pam-console.

I'm not sure if D-BUS supports anything but SELinux security contexts at
the moment but I'm positive that patches are welcome. Btw, all this
stuff becomes much more important once we allow really dangerous
operations like SetLabel() and Format(), so I'm glad you asked :-)

Cheers,
David
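The hal.conf approach David describes, as an added example that is not from the thread and not HAL's shipped hal.conf: the D-BUS busconfig policy denies the volume method interface by default and allows it only for at_console sessions, with an SELinux alternative alongside. The interface name org.freedesktop.Hal.Device.Volume, the haldaemon user, and the gnome_mount_t / hald_t SELinux types are assumptions.

```xml
<!-- Added example, not HAL's own hal.conf. Interface and SELinux type
     names are assumed. -->
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- Only the HAL daemon's user may own the service name. -->
  <policy user="haldaemon">
    <allow own="org.freedesktop.Hal"/>
  </policy>

  <!-- Default for every connection: the privileged volume methods
       (mount, unmount, eject) are not callable. -->
  <policy context="default">
    <deny send_destination="org.freedesktop.Hal"
          send_interface="org.freedesktop.Hal.Device.Volume"/>
  </policy>

  <!-- Kay's proposal: callers that pam-console recorded as owning the
       console (at_console) may invoke them. A later matching policy
       block overrides the default deny above. -->
  <policy at_console="true">
    <allow send_destination="org.freedesktop.Hal"
           send_interface="org.freedesktop.Hal.Device.Volume"/>
  </policy>

  <!-- SELinux alternative (assumed setup): with SELinux support built
       in, dbus-daemon asks the kernel AVC for "send_msg" on class
       "dbus" between the sender's and receiver's domains on every
       message, and for "acquire_svc" against the context bound here
       before a name may be owned. A vendor who labels
       /usr/bin/gnome-mount to run as gnome_mount_t then needs only
         allow gnome_mount_t hald_t:dbus send_msg;
       in the SELinux policy, so no other domain can reach the methods
       even if the at_console rule above is dropped (as a distribution
       that does not use pam-console would do). -->
  <selinux>
    <associate own="org.freedesktop.Hal" context="hald_t"/>
  </selinux>
</busconfig>
```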
