On Mon, Feb 12, 2007 at 01:48:26PM -0500, David Zeuthen wrote: > Two sessions in fast user switching on a single seat. One web cam. You > really want to make sure that the inactive session cannot use the web > cam. Yes, to do this in a really secure manner you want revoke() and No you don't. You want to make sure that only the user uid of the currently active session can access the webcam. It doesn't matter if the webcam access then comes from my X session or some other unrelated process, providing it's me it is watching. Trivial example is a user running cron to take 5 minute shots of their activity via cron. The cron fired video grab is definitely not part of some gnome created session but its perfectly fine. What must fail is if I try and take a picture while I've let someone else borrow the seat (and this again is uid not session) > probably something even better than this proposal SELinux can do much of the revoke type duties, but I agree you want revoke really, and its a big Linux failing. Please beat up Al Viro until he understands how urgent it is... Alan -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
