Some privilege reduction patches
Sjoerd Simons
sjoerd at luon.net
Wed Feb 15 11:16:56 PST 2006
On Wed, Feb 15, 2006 at 01:27:47PM +0100, Danny Kukawka wrote:
> On Wednesday 15 February 2006 12:55, Martin Pitt wrote:
> > Please see http://bugs.debian.org/352512 for details; I quote the
> > important bits here:
> >
> > -------- snip --------
> > Since the last upgrade of hal, acpid has stopped working, complaining
> > that it cannot access /proc/acpi/events, while lsof reveals that this
> > file is used by hald-addon-acpi, which doesn't seem to be documented
> > anywhere.
> >
> > The hal acpi addon can use either the /proc interface or the events
> > file provided by acpid. Unfortunately when the acpid event socket
> > goes away the addon immediatly connects to the proc interface, thus
> > blocking acpid from connecting.
> > -------- snip --------
>
> In this case you should compile hald only with acpid support and not with
> both or be sure that acpid is started before hal.
Right. Well acpid starting before hal doesn't help if you upgrade your acpid
package (which will stop and start acpid), because hal will grab the socket
when it's gone. That's what happened to the bug reporter.
I am currently leaning to configuring hal to never read from the kernel socket,
but always from acpid.
> On the other side, we could
> change the addon to only reconnect to eventsource which was successful
> connected before.
That still has race conditions (at least in debian).. The normal upgrade
process first stop's the daemons to be upgraded, does all the unpacking and
stuff, then starts the daemons one by one. There is no guarantee that acpi is
started before hal in this case....
Sjoerd
--
We warn the reader in advance that the proof presented here depends on a
clever but highly unmotivated trick.
-- Howard Anton, "Elementary Linear Algebra"
More information about the hal
mailing list