FS#16283 - [hal] acl rules for devices go in conflict with permissions defined by groups assignment
Attached to Project:
Arch Linux
Opened by Giulio Fidente (giulivo) - Sunday, 20 September 2009, 15:12 GMT
Last edited by Jan de Groot (JGC) - Sunday, 08 November 2009, 22:24 GMT
Opened by Giulio Fidente (giulivo) - Sunday, 20 September 2009, 15:12 GMT
Last edited by Jan de Groot (JGC) - Sunday, 08 November 2009, 22:24 GMT
|
Details
Description:
hal acl rules for devices go in conflict with the more granular permissions defined by groups assignment; users logged for example via gdm will get rw permissions on snd/* or scd* devices even if they're not part of audio nor optical groups the hal policy file responsbile of the acl definition is /usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi , it seems to have been created at build time with the "--enable-acl-management" option used to build the hal package Additional info: * package version for hal is 0.5.13-2 Steps to reproduce: login using gdm with a standard user, who is not part of the "audio" group by default, it'll still be able to use snd/* devices because of the acl added by hal |
This task depends upon
Closed by Jan de Groot (JGC)
Sunday, 08 November 2009, 22:24 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 0.5.13-3 (testing)
Sunday, 08 November 2009, 22:24 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 0.5.13-3 (testing)
Comment by Jan de Groot (JGC) -
Sunday, 20 September 2009, 15:30 GMT
Using ACLs is recommended by udev people, the group membership is
considered deprecated. As for the ACL management, AFAIK udev
integrates this functionality itself and gets triggered by
consolekit logins. Hal shouldn't do this anymore as udev already
does this.