Heya, Here's a big patch to add user tracking to the device object. Only the user/process that called ClaimDevice can subsequently use that device.
I'm also thinking about adding PolicyKit to the whole mix. Should I make PolicyKit a hard dependency, or a compile-time one? Finally, I'm seeing problems with the D-Bus API. Currently, the daemon always runs as a root (or close to root once I figure out how we can give fprintd access to just the right USB devices). We can identify which user is currently using the interface, but: - we couldn't easily say that a particular user can't enroll any more fingerprints, but can verify - we can't use pam (which runs as root) as we don't have a way to supply a UID for verification - we can't build a user management tool (which would run as a particular user, but use PolicyKit to get more powers). So I think that we should: - kill Claim/Release, and claim/release devices when we actually need access to the hardware - add a single call to change the UID to work on, we would (by default, and probably more finely-grained with PolicyKit support) only allow root to change the active UID, and single users to set it to theirs. This would allow us to fix the second use cases. With PolicyKit support we could fix the user management tool to not have to run as root, as well as the first use case. What do you think? Cheers
0003-Add-user-tracking-when-claiming-a-device.patch
Description: application/mbox
_______________________________________________ fprint mailing list [email protected] http://lists.reactivated.net/mailman/listinfo/fprint
