Hi Henrique,

> > any user program with proper rights (remember that /dev/rfkill can now
> > be controlled by Unix permissions and SELinux) can bring up a specific
> > device. That is policy and it belongs in userspace.
>
> If I hardkill (EPO) the devices, I want them to stay hardkilled, and only a
> system daemon (if that) should be able to mess with that.
>
> I very much doubt I am the only one who sees things that way :-)
>
> I'd like to keep working towards that goal (no, we're not there yet), and
> not away from it.

Please re-read my reply. The permissions of the /dev/rfkill device are up to the distributions now. They can use UID/GID permissions and also SELinux to enforce them. However this again is policy that is up to userspace and we leave it there.

If you don't wanna have anybody else mess with RFKILL states, then make /dev/rfkill read/write only by root. If you don't wanna have anybody mess with it, make it read-only for all I care.

And let me repeat this, the concept of EPO is a policy and not something the kernel should enforce by itself.

> > This of course only works on soft blocked devices. The hard blocked
> > devices stay off. And in case of ThinkPads where the button does the
> > hard block, you can't bring it back from software.
>
> Yes. But the rfkill core is also meant to bring some band-aid help to the
> devices that the hardware can't kill by itself. That's good usability.

And that is again policy that is up to the userspace. If there is no hard kill-line available, software or band-aid fixes don't help. It is like putting a sheet of paper over a hole ;)

Regards

Marcel
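
An added example, not part of the original thread or of the kernel sources: it replays a stream of /dev/rfkill events to show which radios software could re-enable (soft-blocked only) and which permission classes may write the device node. It assumes the 8-byte `struct rfkill_event` layout from `<linux/rfkill.h>`; the function names and the sample event bytes are constructed for illustration.

```python
import stat
import struct

# struct rfkill_event: __u32 idx; __u8 type; __u8 op; __u8 soft; __u8 hard
EVENT = struct.Struct("=IBBBB")
OP_ADD, OP_DEL, OP_CHANGE = 0, 1, 2
TYPES = {1: "wlan", 2: "bluetooth", 3: "uwb", 4: "wimax",
         5: "wwan", 6: "gps", 7: "fm", 8: "nfc"}


def replay(raw):
    """Fold raw event bytes into {idx: (type_name, soft_blocked, hard_blocked)}."""
    state = {}
    # A trailing partial record (short read) is ignored rather than misparsed.
    for off in range(0, len(raw) - EVENT.size + 1, EVENT.size):
        idx, rtype, op, soft, hard = EVENT.unpack_from(raw, off)
        if op == OP_DEL:
            state.pop(idx, None)
        elif op in (OP_ADD, OP_CHANGE):
            state[idx] = (TYPES.get(rtype, "unknown"), bool(soft), bool(hard))
    return state


def software_can_unblock(state):
    """Indexes a writer of /dev/rfkill could turn back on: soft-blocked, not hard-blocked."""
    return sorted(i for i, (_, soft, hard) in state.items() if soft and not hard)


def writers(mode):
    """Permission classes allowed to write the node, from its st_mode bits."""
    bits = (("owner", stat.S_IWUSR), ("group", stat.S_IWGRP), ("other", stat.S_IWOTH))
    return [name for name, bit in bits if mode & bit]


# Constructed sample: wlan and bluetooth appear, then a hardware switch kills wlan.
SAMPLE = b"".join([
    EVENT.pack(0, 1, OP_ADD, 0, 0),     # wlan added, unblocked
    EVENT.pack(1, 2, OP_ADD, 1, 0),     # bluetooth added, soft-blocked
    EVENT.pack(0, 1, OP_CHANGE, 1, 1),  # wlan now soft- and hard-blocked
])

if __name__ == "__main__":
    current = replay(SAMPLE)
    for idx, (name, soft, hard) in sorted(current.items()):
        print(f"rfkill{idx} {name}: soft={soft} hard={hard}")
    print("software can unblock:", software_can_unblock(current))
    # 0o600 is the root-only read/write mode suggested in the message above.
    print("writers at 0600:", writers(0o600), "at 0444:", writers(0o444))
```
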