ACL troubles
Alesh Slovak
alesh.slovak at avasys.jp
Thu Jan 8 16:16:23 PST 2009
Thanks for the reply Danny.
> SUSE is also using ACL's.
I don't know about 11.1, but 11.0 appears to be using resmgr from a
"90osvendor" directory, which I think is a good solution, since it would
impose any OS policies onto third party provided fdi files as well as OS
vendor provided ones. I wonder if this is an openSUSE specific patch. In
any case, I think the implementation of ACL should be doing something
similar.
> You need only to add these lines to the end of your fdi file:
>
> <!-- add / remove ACL's when devices are added and removed -->
> <match key="info.capabilities" contains="access_control">
> <match key="info.callout.add" contains_not="hal-acl-tool --add-device">
> <match key="info.callout.add" contains_not="hal-acl-tool --remove-device">
> <append key="info.callouts.add"
> type="strlist">hal-acl-tool --add-device</append>
> <append key="info.callouts.remove"
> type="strlist">hal-acl-tool --remove-device</append>
> </match>
> </match>
> </match>
I have also thought of this solution. However, I have the following
concerns:
- Is this futureproof? The HAL spec seems to indicate the only
properties that are stable with respect to ACL are the
access_control.grant_group and access_control.grant_user properties.
- Is this, and will it continue to be, distro independent?
- Will adding this to my fdi file have adverse effects on HAL installs
that do NOT use ACL?
Thanks again.
--
Alesh Slovak Linux Team -- AVASYS Corporation
alesh.slovak at avasys.jp http://avasys.jp
More information about the hal
mailing list