Managing ACL's on device nodes
Bill Nottingham
notting at redhat.com
Wed Feb 7 10:52:55 PST 2007
Kay Sievers (kay.sievers at vrfy.org) said:
> > We don't (unless I'm mistaken) have revoke(); without this, ACLs aren't
> > bullletproof (but neither is chown). Of course, once we get revoke(),
> > apps will probably break. :)
>
> Yeah, we can't handle apps that keep fd's open, but it's not different
> from from what we already have. Apps are expected to listen to
> ConsoleKit events and close fd's, so at the time we get revoke(), the
> apps break just need to get fixed.
I suspect you can fix them even in the absence of ConsoleKit - if
it suddenly gets -EPERM on an open FD, it should DTRT without any
events.
> > It's moving the changing of device ownership from a (relatively)
> > synchronous process (pam_console) to an asynchronous one; not that that's
> > necessarily *bad*, but it's different.
>
> Invoking pam_console from udev for a new device, is the same async
> model, just with less code involved.
Device add was asynchronous before, but setting the perms on login
was synchronous.
Bill
More information about the hal
mailing list