On Mon, 7 May 2012 20:57:19 -0400 David Zeuthen wrote: > > That would still allow the user davidz to unmount /boot / etc.. > > Sure - there's no way for udisks to tell them apart. >
There is fstab, there is udev which provides all that info (removable or not) and the kernel, there's also the root user as sudo listens to and sudo itself reports what users are doing. I guess I could spend time changing the parts which aren't broken to using udisks mount or more easily and so more likely look into adding an unmount button to nautilus or elsewhere or investigate spacefm or talk to the nautilus devs. I just figured it would be better to align with upstream. Any idea why nautilus only shows the mount point (as well as mount device) for a split second as that is what offered the interface to unmount (unmount right-click option). Unfortunately I can't remove udisks2 without removing nautilus and they both updated at the same time. Maybe I could force udisk2 removal, to see if that's a bug in nautilus? This broke likely either due to installed udisks2 (1.94.0-1) or upgraded nautilus (3.2.1-1 -> 3.4.1-1). > > That's not something that fits into my security policy? > > Well, if you have such needs, then perhaps you shouldn't be mounting > USB devices as uid 0 from udev rules. Then I'd lose features. Here I was, thinking unix was about usability and simplicity not commandment and complexity. OpenBSDs hotplugd fits that traditional bill just fine. It may not be your remit but perhaps you could also look into why the copy progress bar is now far worse than linux devs used to criticise Windows for. Again OpenBSD have solved that working far better than windows whilst keeping buffering, admittedly it stops and starts every few seconds which isn't a completely true reflection of what's happening in the background, so it's not perfect, but atleast it ends on time. Ok, so does udisks not call an unmount via udisksctl that I can wrap to drop permissions and utilise sudo? p.s. polkit's configuration system (multiple locations, lack of example, etc.) and documentation is an absolute mess and an embarassment to unix and also includes incorrect information about sudo, perhaps you know the people to shake up about that before people wonder any more whether redhat want Linux to be more difficult to use and support for financial reasons. Grsecurities RBAC has a good central config to look at. _______________________________________________ devkit-devel mailing list devkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/devkit-devel
