On Sun, Mar 25, 2012 at 20:31, Ian Malone <[email protected]> wrote:
> Hi, I've posted this to the Fedora developers list, but maybe it's
> more appropriate here. Since writing it I've confirmed the uaccess TAG
> does what I expect, but I'm not sure having that set directly by the
> device rule would be approved in a package to include in Fedora.

Ideally nothing should directly 'execute the policy' by setting the
'uaccess' tag for systemd. It should be indirectly set by using a
variable that classifies a certain device class which administrators
might want to grant or not grant access to logged-in users.

Currently all variables recognized in the uaccess rules file set the
tag, but that could change in the future, whenever some more
fine-grained policy might be needed.

Current generic device classes are:
  ID_CDROM
  ID_SMARTCARD_READER
  ID_FFADO
  ID_PDA
  ID_REMOTE_CONTROL
  ID_MEDIA_PLAYER

Just invent some useful generic name for the type of device. :) And we
can add that to the uaccess rules.

Using the indirection over the device class is also potentially
compatible with the deprecated ConsoleKit/udev-acl tool, which is used
on non-systemd systems.

Thanks,
Kay
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
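
An added example, not part of the original message and not systemd code: a small Python check that scans a package's udev rules and separates rules that set `TAG+="uaccess"` directly from rules that only classify the device through an `ID_*` variable, as the reply recommends. The sample rules, the `ffff` USB IDs and the name `ID_EXAMPLE_CLASS` are constructed placeholders.

```python
import re

# Generic device classes named in the message above.
KNOWN_CLASSES = {"ID_CDROM", "ID_SMARTCARD_READER", "ID_FFADO",
                 "ID_PDA", "ID_REMOTE_CONTROL", "ID_MEDIA_PLAYER"}

# One udev token: key, optional {attribute}, operator, quoted value.
TOKEN = re.compile(r'(\w+)(?:\{([^}]*)\})?\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')
ASSIGN = {"=", "+=", ":="}  # operators that set a value rather than match one

# Constructed sample of a package rules file (placeholder IDs and class name).
SAMPLE = '''\
# Constructed package rules; ffff/000x are placeholder USB IDs.
SUBSYSTEM=="usb", ATTR{idVendor}=="ffff", ATTR{idProduct}=="0001", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="ffff", ATTR{idProduct}=="0002", ENV{ID_MEDIA_PLAYER}="1"
SUBSYSTEM=="usb", ATTR{idVendor}=="ffff", ATTR{idProduct}=="0003", \\
  ENV{ID_EXAMPLE_CLASS}="1"
'''

def logical_lines(text):
    """Yield (first_line_number, rule); drop comments, join backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def audit(text):
    """Return ('direct', line) for rules that set the uaccess tag themselves and
    ('class', line, name, known) for rules that set an ID_* class variable."""
    findings = []
    for n, rule in logical_lines(text):
        for key, attr, op, value in TOKEN.findall(rule):
            if op not in ASSIGN:
                continue  # match keys such as SUBSYSTEM== are not policy
            if key == "TAG" and value == "uaccess":
                findings.append(("direct", n))
            elif key == "ENV" and attr.startswith("ID_"):
                findings.append(("class", n, attr, attr in KNOWN_CLASSES))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A `class` finding with `known` set to `False` marks a variable that is not among the classes listed in the message, so it would still need to be added to the uaccess rules before it grants anything.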
