From: Matthias Schwarzott
Date: Wed, 05 Aug 2009 16:47:28 +0000
Subject: Re: selectively disabling ACLs
Message-Id: <200908051847.28614.zzam@gentoo.org>
References: <20090805141654.GF6336@nostromo.devel.redhat.com>
In-Reply-To: <20090805141654.GF6336@nostromo.devel.redhat.com>
To: linux-hotplug@vger.kernel.org

On Wednesday, 5 August 2009, Kay Sievers wrote:
> On Wed, Aug 5, 2009 at 16:16, Bill Nottingham wrote:
> > In the old HAL days, it was reasonable to configure which devices
> > would and would not get ownership/ACLs applied at the system level,
> > as HAL contained system level customization (via FDIs) to set this.
> >
> > As I look at the current code in udev, I don't see a good way to
> > override this. The only infrastructure is a 70-acl.rules file
> > that has:
> >
> > ...
> > # optical drives
> > SUBSYSTEM=="block", ENV{ID_CDROM}=="1", ENV{ACL_MANAGE}="1"
> >
> > # sound devices
> > SUBSYSTEM=="sound", ENV{ACL_MANAGE}="1"
> > ...
> > # apply ACL for all locally logged in users
> > LABEL="acl_apply", ENV{ACL_MANAGE}=="?*",
> > # TEST=="/var/run/ConsoleKit/database", \
> >   RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"
> >
> > ...
> >
> > The only way I can see to disable ACLs, for, say, a webcam, would
> > be to write a rule that runs *before* this rules file, that sets
> > last_rule. That's quite a hack.
> >
> > Is there a better way to set this that I don't see?
>
> I guess the current logic could just check ACL_MANAGE=0, and skip the
> device if that is set?
>
Then one has to copy possibly complicated matching logic just to revert the
result.

Why not let the match rules set some kind of ACL_CLASS to some user-friendly
name? (Examples: block, sound, ptp, mtp, scanner, printer, optical, v4l,
dvb, ...)

That way one can add rules like this to disable ACLs for joysticks:

ENV{ACL_MANAGE}=="1", ENV{ACL_CLASS}=="joystick", ENV{ACL_MANAGE}="0"

Matthias
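
The ACL_CLASS proposal above, laid out as rule files. This is an added example, not code from udev or from this thread: ACL_CLASS is only the name proposed in the message, and the file names 71-acl-local.rules and 72-acl-apply.rules, the joystick match on ID_INPUT_JOYSTICK, and the move of the apply rule into its own later file are assumptions made for the sketch.

```udev
# --- 70-acl.rules (distribution file): classify only ---
# Each match rule sets ACL_MANAGE as before and also names its class.

# optical drives
SUBSYSTEM=="block", ENV{ID_CDROM}=="1", ENV{ACL_MANAGE}="1", ENV{ACL_CLASS}="optical"

# sound devices
SUBSYSTEM=="sound", ENV{ACL_MANAGE}="1", ENV{ACL_CLASS}="sound"

# joysticks (this match is an assumption for the sketch)
SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", ENV{ACL_MANAGE}="1", ENV{ACL_CLASS}="joystick"

# --- 71-acl-local.rules (administrator file, hypothetical name) ---
# Revert by class name; the matching logic in 70-acl.rules is not copied.
# Rules are processed in file order, so this must sort after the file that
# sets ACL_CLASS and before the rule that queues udev-acl.
ENV{ACL_MANAGE}=="1", ENV{ACL_CLASS}=="joystick", ENV{ACL_MANAGE}="0"

# --- 72-acl-apply.rules (hypothetical name) ---
# The apply rule quoted in the thread matches ENV{ACL_MANAGE}=="?*", which a
# value of "0" also satisfies. For the override above to take effect, the
# apply rule has to test the value, as suggested in the quoted reply.
ENV{ACL_MANAGE}=="1", RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"
```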