On Thu, 09 Sep 2004 20:21:00 +0200, David Zeuthen <david@xxxxxxxx> wrote: > I'm not sure I agree: if one cares about security one is using > filesystems with uid/gid attributes anyway. That said, however, it might > be useful to have a configuration file fstab-sync to explicitly specify > don't add this or that drive. And in the longterm finetune the mount > point names, e.g. using labels or whatnot. I think if someone wants to approach this from a locked down system point of view, you'd want to have a a policy of no devices allowed by default with specific devices allowed via administrative control. As compared to a policy of everything by default with a list of devices disallowed. Though of course both approaches will have their uses. I'm still poking at figuring out how to break hal in spectacular ways... but are the files in /usr/share/hal/fdi useful for creating locally defined policy of this sort? -jef
