[PATCH] Hal privilege separation
Artem Kachitchkine
Artem.Kachitchkin at Sun.COM
Fri Jan 20 12:08:49 PST 2006
> Well, I don't want hald-runner to be a setuid program on disk somewhere, so no,
> hal can't start it after dropping its privileges.
It can temporarily raise privileges, restart hald-runner, and drop them
again.
I would also like to hear your take on my first question:
> Does hald-runner exist only so that the addons have a privileged ancestor they can inherit privileged uid/gid from? If so, wouldn't it be much easier if hald regained its privileges temporarily before exec'ing an addon and dropping them immediately after?
Is there a specific reason for separating the helper launcher into a
separate process? I buy John's SELinux argument, but doubt that SELinux
was your primary design motivation.
-Artem.