Re: hal privileges [was: Re: [Utopia] gnome-mount 0.3 is out]



On Thu, 2006-01-12 at 12:59 +0100, Martin Pitt wrote:
<snip>

> (who still does not understand why everybody else seems to ignore
> dbus' wonderful way of separating privileges with dbus services and
> instead uses the old centralized daemon way.)

Martin, do you mean like this:

  <!-- Default policy for the exported interfaces -->
  <policy context="default">
    <deny
send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
    <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
    <deny send_interface="org.freedesktop.Hal.Device.Volume"/>
    <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
  </policy>

  <!-- This will not work if pam_console support is not enabled -->
  <policy at_console="true">
    <allow
send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
  </policy>

  <!-- You can change this to a more suitable user, or make per-group
-->
  <policy user="0">
    <allow
send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
    <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
    <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
  </policy>

Or am I missing the point?

Richard.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]