ACL troubles
Alesh Slovak
alesh.slovak at avasys.jp
Wed Jan 7 01:18:31 PST 2009
Hi,
I am a developer working on third party scanner drivers and we are
having some trouble with HAL and access management.
In order to support a wide range of distributions, we run a post install
script that searches for the SANE fdi file and mimicks it as close as
possible. We then drop the generated file into the same location we
found the SANE fdi file in, except we put it in the "20thirdparty"
directory.
This works just fine for most of the distributions we support, including
Debian, Ubuntu, and openSUSE, but Fedora is giving us trouble because it
is using ACL.
Specifically, the problem is that
"/usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi" is
processed before our fdi file, which is located in
"/usr/share/hal/fdi/policy/20thirdparty".
This results in our scanners not getting the appropriate permissions set
and users not being able to scan (unless they log in as root or set
permissions manually).
I thought of several solutions:
1. put the generated fdi file in "/usr/share/hal/fdi/preprobe"
unconditionally
2. put the generated fdi file in "/usr/share/hal/fdi/information"
unconditionally
3. put the generated fdi file in the "10osvendor" directory
4. copy the needed ACL entries from "20-acl-management.fdi" into our
fdi file
5. set the access_control.grant_group property to grant permissions
to a group
I am trying to find a solution that is compatible across all
distributions and none of these solutions are ideal. Some are just plain
bad. I won't get into the details here, since this e-mail would get way
too long.
I am looking for any ideas or suggestions as well as comments on the
above ideas. More specifically, I would like to know from the HAL dev
community if there is some recommended way of dealing with this kind of
situation.
Thank you.
--
Alesh Slovak Linux Team -- AVASYS Corporation
alesh.slovak at avasys.jp http://avasys.jp
More information about the hal
mailing list