Policy based on active VT
Tim Dijkstra
newsuser at famdijkstra.org
Tue Jun 20 08:49:32 PDT 2006
[ Disclaimer: I'm new here, if this is totally stupid, don't clue-bat me
too hard ;) ]
The problem: Often I have my Linux machine running several
X sessions on different virtual terminals; obviously only one VT can be
active at the same time. In such a case I want programs like
gnome-volume-manager, -power-manager, etc. to work only if they are
associated with the active virtual terminal. So we need a method to
1) Find out on what VT we are
2) Which one is active
Fortunately, as of (XFree86 4.4/Xorg 86.8) the root window in an X server
has a property XFree86_VT.
To find out 2) we can use an ioctl on the console; unfortunately on
some distros we need root permissions for that.
Now, because multiple applications need this information, it seems
useful to make it available over dBus. But then the question arises, who
should make this available?
I just found some info about the PolicyKit in CVS, and browsed
its code a bit. If I'm not mistaken this functionality is not included
yet. I would say this is a good place to implement it. To stay with
an example similar to [0]: at the moment that hal is checking if uid=500 is
allowed to mount a removable device, the PolicyKit will check (if
configured to do so) if the connection comes from a process that belongs
to the currently active VT.
For this to work we of course still need a way to find out the active
VT. I can imagine that a really simple setuid program could help there
(I'd imagine PolicyKit drops privileges, right?).
And we need a way to find out which VT a certain session-dBus belongs
to. I don't know much about dBus, I guess now there's no way to get to
know that, but that should be fixable.
It would maybe be a bit hard to rule out VT-spoofing, but I don't think
that is really important, pressing ctrl-alt-f_ would bring me there
anyway...
What do you think?
grts Tim
[0] http://webcvs.freedesktop.org/*checkout*/hal/PolicyKit/doc/spec/polkit-spec.html