Re: New modules in 2.14
- From: Matthew Garrett <mjg59 srcf ucam org>
- To: Ryan Lortie <desrt desrt ca>
- Cc: William Jon McCann <mccann jhu edu>, Gnome Desktop Development List <desktop-devel-list gnome org>
- Subject: Re: New modules in 2.14
- Date: Fri, 20 Jan 2006 09:05:12 +0000
On Wed, Jan 18, 2006 at 10:58:07AM -0500, Ryan Lortie wrote:
> This is exactly the problem. In order for g-p-m to do its stuff we have
> to add to HAL the ability for any user to say "suspend the system
> now" (since g-p-m needs to do this and it's just running as a normal
> user). If any user can say "suspend now" then I can be logged in as a
> background user and play nasty tricks on the console user. HAL
> currently has no mechanism for making a distinction between background
> users and the user that currently 'controls' the machine.
I don't think hal's the right layer to make that distinction. I'm
working on implementing it at the dbus level.
This isn't something that's limited to power management, so hal is going
to end up needing this functionality even if g-p-m turned into a system
daemon. I'd argue that one well-audited mechanism for hal to execute
privileged code is preferable to half a dozen small system daemons
running as root and managing to duplicate each others bugs.
Matthew Garrett | mjg59 srcf ucam org
] [Thread Prev