Riny Qian wrote: > > Darren J Moffat wrote: > >>>> DJM-2 2.7.2 ACLs for usb etc devices >>>> >>>> Are you saying that if user "bob" logins in on vt1 and >>>> user "alice" logins on vt2 then there will be an ACL of >>>> both of them on the audio and usb devices ? >>> Right. Actually at the begining, we wanted to group >>> all these devices (add a console group in the system, >>> and dynamically add/remove the logged in user into >>> the console group upon logging in/out. But ACL seems >>> better than group, so we chose ACL. [it was recommeded >>> by Casper Dik.] >> >> I agree that an ACL is much better than using a group. >> >> However see below for what appears to be a TX and >> device allocation interaction. >> >> >>>> I don't think this is a good idea. I'm also concerned >>>> about how this interacts with device allocation and >>>> Trusted Extensions. >>> We don't see any impact on the device allocation >>> and Trusted Extensions. >> >> What label are the vt devices running at when TX is >> enabled ? >> >> What happens in this (on TX) case: >> >> User bob logs in graphically with gdm/dtlogin and allocates >> the audio device. This means that the audio device >> should only able available to bob. >> >> Now User alice does a login to /dev/vt2, from what you >> said above there would be an ACL added for Alice even >> though the device is owned by bob because allocate(1M) >> changed the ownership. >> >> That seems wrong and completely counter to the whole >> purpose of device allocation. >> >> So I believe you do have interaction with device allocation. At least >> based on the documentation you have provided, or some >> how it isn't clear to me how this works with >> device allocation. > > > Currently (without virtual console), both logindevperm(4) and > allocate(1) are not aware of each other (even non-TX): > Rlogin to a system on which nobody has logged in; allocate > audio device to Bob, then Bob will own the audio device ( > BSM is enabled); Then Alice logs in on the system console, > and Alice owns the audio device; When Alice exits, the audio > device is owned by root.
I agree that this is a current problem. Bob just looses access to the device he had allocated and Alice gets it instead for the duration of her login. > In fact, as long as there's more than one program managing these > devices, there's conflict. Agreed. > So it seems that our ACL proposal for other console devices in > /etc/logindevperm is fine, and it does not introduce any regression. What your proposal does is allow multiple people access to the device at the same time. That isn't possible today. I believe that makes it worse because now you have the potential for them both to be trying to use the device at the same time. -- Darren J Moffat