On Sat, Mar 23, 2013 at 12:16 AM, Lennart Poettering <[email protected]> wrote:
> On Tue, 19.03.13 17:36, Ludwig Nussel ([email protected]) wrote:
>
>> useful to get ACLs on files, sockets etc not known to udev
>
> Can't say I like this one. Sounds like an awful lot of code to me to
> support evil closed source drivers.
>
> Kay, what do you say?
>
> If we could find a simpler way (for example, a list setting in
> logind.conf) and emphasize that this is for any file, for example
> sockets/fifos, this might be more palatable to me, but I still don't
> like it.

If possible, I would avoid another setting. We should rather look into
making the "dead" device nodes exported by the kernel in:
  /lib/modules/$(uname -r)/modules.devname
work with ACLs.

This does not only solve the problems with proprietary modules, they
would just ship their device node info in the module itself. But would
also apply the ACL to things like:
  /dev/snd/seq
where ordinary users cannot trigger the on-demand module-load. The ACL
will only be applied after the module is loaded.

It's all not that trivial, but solvable I guess. The config for the
ACLs and the permissions is stored in udev rules, and we would need to
export that somehow to the uaccess code.

Kay
