formatting/partitioning methods in HAL

John (J5) Palmieri johnp at redhat.com
Wed Jan 25 20:41:39 PST 2006


On Fri, 2006-02-24 at 19:06 -0800, Artem Kachitchkine wrote:
> > D-BUS and HAL provides a very nice and secure way of allowing certain
> > unprivileged users to do very basic and *controlled* things through
> > D-BUS method invocations.
> 
> One thing I found with integraing D-BUS into a non-native OS (I'm I 
> allowed to say that? :) is that it's difficult to integrate with 
> existing security mechanisms. D-BUS is limited in recognizing extended 
> security attributes (identity, authentication, privileges, etc) at the 
> other end of communication (methods and, more so, signals). UID is not 
> enough, even you recently hit the wall with the lack of session 
> identifier for ConsoleTracker. In theory, D-BUS in expandable in this 
> area, but it has not been done in recent history, as far as I can tell.

It is certainly written so that it can be expanded to different auth
mechanisms (I added the console user check awhile back).  Someone just
needs to do the work.  The people who are doing the bulk of the work are
mostly interested in getting it to work well on Linux and Linux like
systems.

-- 
John (J5) Palmieri <johnp at redhat.com>



More information about the hal mailing list