On Thu, 2006-01-12 at 12:59 +0100, Martin Pitt wrote:
<snip>
> (who still does not understand why everybody else seems to ignore
> dbus' wonderful way of separating privileges with dbus services and
> instead uses the old centralized daemon way.)
Martin, do you mean like this:
<!-- Default policy for the exported interfaces -->
<policy context="default">
<deny
send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<deny send_interface="org.freedesktop.Hal.Device.Volume"/>
<deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>
<!-- This will not work if pam_console support is not enabled -->
<policy at_console="true">
<allow
send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>
<!-- You can change this to a more suitable user, or make per-group
-->
<policy user="0">
<allow
send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
<allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume"/>
<allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>
Or am I missing the point?
Richard.
_______________________________________________
utopia-list mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/utopia-list
