HAL methods at storage device level,
to mount/unmount/eject volumes
Artem Kachitchkine
Artem.Kachitchkin at Sun.COM
Thu Dec 8 12:09:33 PST 2005
> For this application, Kay proposes just to use at_console (see hal.conf)
> but I believe it's already possible today to allow/deny based on SELinux
> security context. So if we have e.g. /usr/bin/gnome-mount the vendor can
> label this binary to run in a specific security context and with the
> right magic in hal.conf only gnome-mount will be able to invoke these
> methods. Which is nice.
> <policy context="default">
> <deny send_interface="org.freedesktop.Hal.Device.Volume"/>
> </policy>
> <policy at_console="true">
> <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
> </policy>
OK, so this seems to limit access to a D-BUS interface. What about
methods? Is there a way to e.g. allow Mount()/Unmount(), but deny Format()?
-Artem.
More information about the hal
mailing list