Managing ACL's on device nodes

Bill Nottingham notting at redhat.com
Wed Feb 7 10:52:55 PST 2007


Kay Sievers (kay.sievers at vrfy.org) said: 
> > We don't (unless I'm mistaken) have revoke(); without this, ACLs aren't
> > bullletproof (but neither is chown). Of course, once we get revoke(),
> > apps will probably break. :)
> 
> Yeah, we can't handle apps that keep fd's open, but it's not different
> from from what we already have. Apps are expected to listen to
> ConsoleKit events and close fd's, so at the time we get revoke(), the
> apps break just need to get fixed.

I suspect you can fix them even in the absence of ConsoleKit - if
it suddenly gets -EPERM on an open FD, it should DTRT without any
events.

> > It's moving the changing of device ownership from a (relatively)
> > synchronous process (pam_console) to an asynchronous one; not that that's
> > necessarily *bad*, but it's different.
> 
> Invoking pam_console from udev for a new device, is the same async
> model, just with less code involved.

Device add was asynchronous before, but setting the perms on login
was synchronous.

Bill


More information about the hal mailing list