On Sat, Mar 19, 2016 at 03:12:08PM +0100, Michael van Elst wrote:
> Changing ownerships of the filesystem entries isn't sufficient.
> After all some ugen* can be changed quickly.

I expected devpubd to deal with that for us - not sure what you mean here.

> I'd prefer either some separate ACLs specific to USB devices or
> even some generic device property that could be maintained using
> drvctl.

I wouldn't make it usb specific (why should we?) but maybe implement it
on a driver-by-driver basis starting with ugen and umass.

> The ACL would be evaluated in addition to filesystem
> permissions and would match attributes like class/vendor/product/serial/...
> The driver and/or a sysctl setting could determine how an empty
> ACL is handled, probably defaulting to the current behaviour.

What is the entitled entity of the ACL? uid:gid tuples? Is the console owner
handled differently?

Martin