[This was first submitted as http://bugzilla.kernel.org/show_bug.cgi?id=15353 and rejected, explaining that the bugzilla is for kernel bugs only and I should contact this list. Below is the complete bug report as submitted. I'd appreciate CC on any follow-ups.]

ACL_MANAGE is a udev property meant to mark devices whose permissions should be dynamically managed with ACLs. udev-acl updates permissions when adding a device, and, in collaboration with ConsoleKit, on user console login and logout.

In extras/udev-acl/70-acl.rules:4 ACL_MANAGE is tested for zeroness to check whether a device should be excluded from ACL management:

    ENV{ACL_MANAGE}=="0", GOTO="acl_end"

This is not consistent with usage in extras/udev-acl/udev-acl.c:292:

    udev_enumerate_add_match_property(enumerate, "ACL_MANAGE", "*");

which checks merely for the property's nonemptiness.

This means that if ACL_MANAGE is set in system-local rules to "0", initially the device's ACL will be left alone (70-acl.rules will see "0" and skip calling udev-acl), but when ConsoleKit subsequently calls udev-acl on user login, the permissions will be modified (as ACL_MANAGE=="0" is nonempty).

To selectively disable ACL management for a device, one currently has to resort to a workaround of placing a local rule setting ACL_MANAGE="0" before 70-acl.rules, and another rule setting ACL_MANAGE="" after it.

To fix it, extras/udev-acl/udev-acl.c:292 should be changed to read

    udev_enumerate_add_match_property(enumerate, "ACL_MANAGE", "1");

-- 
Rafał Rzepecki
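
The mismatch described in the report, as an added C sketch that is not udev source code: it models the rule-file test and the enumerate match side by side and shows which ACL_MANAGE states the two code paths treat differently. It assumes the enumerate value pattern is compared as a shell-style glob (fnmatch) and that a device without the property never matches; the function names and sample values are constructed for illustration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample states; NULL models a device without ACL_MANAGE. */
static const char *samples[] = { NULL, "0", "1" };
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Line 4 of 70-acl.rules as quoted in the report:
 * ENV{ACL_MANAGE}=="0", GOTO="acl_end" (device excluded at add time). */
static int rules_skip(const char *val)
{
    return val != NULL && strcmp(val, "0") == 0;
}

/* Model of udev_enumerate_add_match_property(enumerate, "ACL_MANAGE", pattern).
 * Assumption: glob match on the value, absent property never matches. */
static int enumerate_selects(const char *pattern, const char *val)
{
    return val != NULL && fnmatch(pattern, val, 0) == 0;
}

/* Inconsistent: excluded by the rule file at add time, yet still selected
 * (and so re-permissioned) when udev-acl enumerates on login/logout. */
static int inconsistent(const char *pattern, const char *val)
{
    return rules_skip(val) && enumerate_selects(pattern, val);
}

static int count_inconsistent(const char *pattern)
{
    int n = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        n += inconsistent(pattern, samples[i]);
    return n;
}

int main(void)
{
    const char *patterns[] = { "*", "1" };  /* current value, proposed value */
    for (size_t p = 0; p < 2; p++) {
        printf("enumerate pattern \"%s\": %d inconsistent state(s)\n",
               patterns[p], count_inconsistent(patterns[p]));
        for (size_t i = 0; i < NSAMPLES; i++)
            printf("  ACL_MANAGE=%-7s add: %-4s  login: %s\n",
                   samples[i] ? samples[i] : "(unset)",
                   rules_skip(samples[i]) ? "skip" : "pass",
                   enumerate_selects(patterns[p], samples[i]) ? "modify" : "leave");
    }
    return 0;
}
```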