On Mittwoch, 5. August 2009, Kay Sievers wrote:
> On Wed, Aug 5, 2009 at 16:16, Bill Nottingham<notting@xxxxxxxxxx> wrote:
> > In the old HAL days, it was reasonable to configure which devices
> > would and would not get ownership/ACLs applied at the system level,
> > as HAL contained system level customization (via FDIs) to set this.
> >
> > As I look at the current code in udev, I don't see a good way to
> > override this. The only infrastructure is a 70-acl.rules file
> > that has:
> >
> > ...
> > # optical drives
> > SUBSYSTEM=="block", ENV{ID_CDROM}=="1", ENV{ACL_MANAGE}="1"
> >
> > # sound devices
> > SUBSYSTEM=="sound", ENV{ACL_MANAGE}="1"
> > ...
> > # apply ACL for all locally logged in users
> > LABEL="acl_apply", ENV{ACL_MANAGE}=="?*",
> > # TEST=="/var/run/ConsoleKit/database", \
> > RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"
> >
> > ...
> >
> > The only way I can see to disable ACLs, for, say, a webcam, would
> > be to write a rule that runs *before* this rules file, that sets
> > last_rule. That's quite a hack.
> >
> > Is there a better way to set this that I don't see?
>
> I guess the current logic could just check ACL_MANAGE=0, and skip the
> device if that is set?
>
Then one has to copy possibly complicated matching logic just to revert the
result.
Why not let the match rules set some kind of ACL_CLASS to some user friendly
name. (examples: block, sound, ptp, mtp, scanner, printer, optical, v4l,
dvb, ...)
That way one can add rules like this to disable acl for joysticks
ENV{ACL_MANAGE}=="1", ENV{ACL_CLASS}=="joystick", ENV{ACL_MANAGE}="0"
Matthias
--
To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
