On Tue, Feb 18, 2025, at 10:18, Windl, Ulrich wrote: > Hi! > > Did you consider using ACLs instead of changing owner and group? However I must admit I never tried it with devices. > So my idea was to add an ACL for pcscd when the service is in use and drop that right if the service is not active. > You could even query the ACL to use it as “locked flag”. Yes, I considered it. ACLs seem like a good solution. The only reason I'm not going for it is that udev rules don't provide a builtin way to add ACLs that I can see. So I'll need to use RUN setfacl which seems not so nice to me. Although in my system I do see that at least `brltty` rules seem to do exactly that... Ran
Re: [EXT] Best practice for giving a system daemon access to smartcard readers
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [EXT] Best practice for giving a system daemon access to smartcard readers
- From: "Ran Benita" <ran@xxxxxxxxxxxxx>
- Date: Tue, 18 Feb 2025 20:24:07 +0200
- Feedback-id: i5ea94479:Fastmail
- In-reply-to: <978fe53f1ad64039a782b8bcc5fd85ae@ukr.de>
- References: <c4853a5a-87b8-4b03-9f8f-92eccc9dd963@app.fastmail.com> <978fe53f1ad64039a782b8bcc5fd85ae@ukr.de>
- References:
- Best practice for giving a system daemon access to smartcard readers
- From: Ran Benita
- Re: [EXT] Best practice for giving a system daemon access to smartcard readers
- From: Windl, Ulrich
- Best practice for giving a system daemon access to smartcard readers
- Prev by Date: Re: Starting a container with machinectl vs nspawn
- Next by Date: Re: Improving boot time of systemd based initrd?
- Previous by thread: Re: [EXT] Best practice for giving a system daemon access to smartcard readers
- Next by thread: RuntimeDirectory for ephemeral chroot environment
- Index(es):
 |