welcome

dnicholson Sun, 21 Jan 2007 09:50:22 -0800

Author: dnicholson
Date: 2007-01-21 10:50:20 -0700 (Sun, 21 Jan 2007)
New Revision: 6450


Modified:
   trunk/BOOK/general/sysutils/hal.xml
   trunk/BOOK/introduction/welcome/changelog.xml
Log:
HAL configuration to prevent methods on fixed drives


Modified: trunk/BOOK/general/sysutils/hal.xml
===================================================================
--- trunk/BOOK/general/sysutils/hal.xml 2007-01-21 17:02:21 UTC (rev 6449)
+++ trunk/BOOK/general/sysutils/hal.xml 2007-01-21 17:50:20 UTC (rev 6450)
@@ -317,6 +317,30 @@
       to have appropriate permissions to access the devices that
       <application>HAL</application> will invoke its methods on.</para>
 
+      <para>With the above configuration in place, authorized users now
+      have the ability to unmount disk partitions mounted at non-standard
+      locations such as <filename class='directory'>/pub</filename>. If
+      you'd like to restrict this policy to only drives which are considered
+      removable or hotpluggable, add the following configuration file as
+      the <systemitem class='username'>root</systemitem> user:</para>
+
+<screen role="root"><userinput>cat &gt; 
/etc/hal/fdi/policy/no-fixed-drives.fdi &lt;&lt; "EOF"
+<literal>&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!-- -*- SGML -*- 
--&gt;
+
+&lt;!-- Don't allow HAL methods on disks that are not
+     removable or hotpluggable --&gt;
+
+&lt;deviceinfo version="0.2"&gt;
+&lt;device&gt;
+  &lt;match key="@block.storage_device:storage.hotpluggable" bool="false"&gt;
+    &lt;match key="@block.storage_device:storage.removable" bool="false"&gt;
+      &lt;merge key="volume.ignore" type="bool"&gt;true&lt;/merge&gt;
+    &lt;/match&gt;
+  &lt;/match&gt;
+&lt;/device&gt;
+&lt;/deviceinfo&gt;</literal>
+EOF</userinput></screen>
+
       <para><application>HAL</application> only provides the methods such
       as Mount() to act on hardware. In order to take advantage of these,
       a <application>HAL</application> event handler such as

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml       2007-01-21 17:02:21 UTC 
(rev 6449)
+++ trunk/BOOK/introduction/welcome/changelog.xml       2007-01-21 17:50:20 UTC 
(rev 6450)
@@ -45,6 +45,10 @@
       <para>January 21st, 2007</para>
       <itemizedlist>
         <listitem>
+          <para>[dnicholson] - Added optional configuration to HAL to
+          prevent methods on fixed disk drives.</para>
+        </listitem>
+        <listitem>
           <para>[dnicholson] - Fixed the X Input Devices User Notes link
           to point to a more appropriate place on the Wiki. Closes
           #2190.</para>

-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

r6450 - in trunk/BOOK: general/sysutils introduction/welcome

Reply via email to