From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1aC192-00010n-Lo for mharc-grub-devel@gnu.org; Thu, 24 Dec 2015 03:21:08 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38852) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aC190-000101-Ey for grub-devel@gnu.org; Thu, 24 Dec 2015 03:21:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aC18z-0007dw-Hv for grub-devel@gnu.org; Thu, 24 Dec 2015 03:21:06 -0500 Received: from mail-oi0-x22f.google.com ([2607:f8b0:4003:c06::22f]:32988) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aC18z-0007dk-D9 for grub-devel@gnu.org; Thu, 24 Dec 2015 03:21:05 -0500 Received: by mail-oi0-x22f.google.com with SMTP id y66so135623612oig.0 for ; Thu, 24 Dec 2015 00:21:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=pd7m9PpmoLBGy406cYljTautUVhwn+Ysw1n3ZXo86II=; b=i+43DyygVtS23e9OauXQPizURPziy6m7XRioofb0OGK/viI338uvrQ4b1E/G5hCxYn SmBJHFhdGinRvDbHbXBD1C8E3Y3VPS0CLr2UaEZXxfq0tu2aLOtBWw+gkltnTLXS9n6v +6ZSNOqMIl3gL4h/O66rz5p1kh65z306/gDcCyupKQhND1YjDw9dUxj6jJkMJXwk21zi lPKYe2fnRQrQ9B6L9wCeqKojbRfeGrJNEOcB+7NIeKfCVRJdfkm6A26+0vt5ZMh6snzX jFov9Eu+phXTBGu76pF9pYRCODAMrEUaSwj3SKq7hxpbUiFfvJDkhZT9QOKaW6p2eilZ o2rQ== MIME-Version: 1.0 X-Received: by 10.202.180.66 with SMTP id d63mr17426912oif.76.1450945264878; Thu, 24 Dec 2015 00:21:04 -0800 (PST) Received: by 10.202.45.20 with HTTP; Thu, 24 Dec 2015 00:21:04 -0800 (PST) In-Reply-To: <567B0A0A.2050804@riseup.net> References: <567969EB.1090109@riseup.net> <567B0A0A.2050804@riseup.net> Date: Thu, 24 Dec 2015 11:21:04 +0300 Message-ID: Subject: Re: [PATCH] Allow to add/change menu entry class defaults. From: Andrei Borzenkov To: The development of GNU GRUB Content-Type: text/plain; charset=UTF-8 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2607:f8b0:4003:c06::22f X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Dec 2015 08:21:07 -0000 On Wed, Dec 23, 2015 at 11:54 PM, Robin Schneider wrote: > Thanks for the input. I agree that my first patch was probably a bit to > flexible. I attached a updated patch. > I'm still unsure what problem it tries to solve and whether it solves problem it intends to solve. So you say > Useful for changing the default access level for menu entries when using > GRUBs password protection feature. a) This does not change any "access level" whatever it means. It only changes what icon is displayed for menu entry. b) it is all or nothing. The first found icon is used so either all menu entries are displayed with "need authentication" or none. c) if it is all or nothing then the same can trivially be implemented by replacing one set of icons ("unlocked") with another set of icons ("locked") during bootloader reconfiguration. This should be done by tool you use to configure bootloader, grub-mkconfig has no knowledge about access restrictions anyway. So either it is trivially implemented without any need to change grub-mkconfig or it does not solve the problem anyway. But idea itself is actually interesting. Icon manager in grub could select different icon if menu entry requires authentication. Or it could display overlay (which is probably better). And it actually can dynamically decide whether to display this overlay depending on whether user is already authenticated. How does it sound? P.S. current situation with grub-mkconfig I do not like at all. It became de-facto standard tool to configure GRUB by distributions but it does not provide any sane way to differentiate between distribution default vs. local admin configuration. And variables you propose sound exactly like the type that will hit this confusion. We need to solve this before.