Mark McLoughlin | 1 Sep 08:33 2004

Re: [patch] fstab-sync mount point names

Hey,

On Tue, 2004-08-31 at 09:41, Alexander Larsson wrote:
> On Tue, 2004-08-31 at 09:33, Frederic Crozat wrote:
> > Well, if we can see the patch, maybe :)
> 
> I was pretty sure I attached it... Must have forgotten.

	Looks reasonably straightforward to me. Approval 1 of 2.

Cheers,
Mark.
Murray Cumming | 1 Sep 10:24 2004

Re: [patch] fstab-sync mount point names


> Hey,
>
> On Tue, 2004-08-31 at 09:41, Alexander Larsson wrote:
>> On Tue, 2004-08-31 at 09:33, Frederic Crozat wrote:
>> > Well, if we can see the patch, maybe :)
>>
>> I was pretty sure I attached it... Must have forgotten.
>
> 	Looks reasonably straightforward to me. Approval 1 of 2.

2 of 2.

Murray Cumming
murrayc <at> murrayc.com
www.murrayc.com
www.openismus.com
David Zeuthen | 3 Sep 20:41 2004

Re: Updated logging and security patches for hal 0.2.97

On Tue, 2004-08-31 at 12:39 +0200, Martin Pitt wrote:
> Hi David, hi Utopia readers!
> 
> I updated my patches for the upstream version 0.2.97. Since it is
> tedious to maintain them properly against the rapidly changing hal
> code, would you consider applying at least some of them? 

Yeah. Sorry for the lag btw. 

I do think this is important to work on, however, as it is right now,
the callouts need to run as root and thus, effectively, hald needs to
run as root. I've discussed earlier having a helper process to do the
callouts; there might be other ways though.

> Most of the
> stuff fixes bugs and is completely independent from privilege dropping
> anyway and none of the patches are Debian specific.

How does this work; is the Debian package using --drop-privileges as
default?

> 01_log_to_syslog.patch: actually log to syslog, not to the void
> 

This I don't think is a good idea; hald should never log to the system
log, not even if an ioctl fails. If there is a bug in hald ask the user
to run with --daemon=no --verbose=yes.

> 02_ioctl_errors.patch: intercept unchecked ioctl calls and log
> failures

Martin Pitt | 3 Sep 22:01 2004

Re: Updated logging and security patches for hal 0.2.97

Hi David!

On 2004-09-03 20:41 +0200, David Zeuthen wrote:
> I do think this is important to work on, however, as it is right now,
> the callouts need to run as root and thus, effectively, hald needs to
> run as root. I've discussed earlier having a helper process to do the
> callouts; there might be other ways though.

Our Company's distribution does use another way; we do not mangle
fstab, but use a suid root wrapper around mount that allows users to
mount removable devices if a certain policy is fulfilled. This way,
the amount of code that runs as root is kept to a minimum, fstab is
not touched any more and hald can run as normal user.

> > Most of the
> > stuff fixes bugs and is completely independent from privilege dropping
> > anyway and none of the patches are Debian specific.
> 
> How does this work; is the Debian package using --drop-privileges as
> default?

By now these changes are not contained in Debian, they are just
proposed as a patch (I'm not the maintainer of hal in Debian).
However, our Company's distribution has been using this modified package for
quite a while now.

The patch proposed to Debian asks a Debconf question (default no)
whether hald should run as root. Our company then just needs to change
the default to yes and not show the question.


Vincent Moreau | 9 Sep 15:09 2004

Administration preferences

I have just read that Longhorn will allow system administrators to disable USB pens or music players from being ‘mounted’ on the system.

This may be useful for enterprises that don’t want employees to bring viruses or steal documents.

Maybe it could be implemented somewhere in project-utopia.


_______________________________________________
utopia-list mailing list
utopia-list <at> gnome.org
http://mail.gnome.org/mailman/listinfo/utopia-list
Ed Mack | 9 Sep 18:16 2004

Re: Administration preferences

> This may be useful for enterprises that don’t want employees to bring
> viruses or steal documents.

That's more for a general policy system, e.g. the pmount mount wrapper that
already exists (whether it will be included in the stack, I do not know)
Andrew | 13 Sep 14:14 2004

Nice to see some press coverage on all your work.

David et al,

Just read the O'Reilly piece on Utopia/HAL. Nice to see you getting some 
press on all your great work. You put the end to the question "I just 
plugged my blah-blah into my usb port, how do I get it to work?"  
Watching this all mature over the last 7 months, I don't think anyone 
could have done better. Even hal-device-manager, which I've heard you 
call a hack, is 10K times better than trying to walk /sys via ls and 
cat.  Utopia is a good description.

Andrew
Jono Bacon | 13 Sep 17:22 2004

Re: Nice to see some press coverage on all your work.

Hi,

> Just read the O'Reilly piece on Utopia/HAL. Nice to see you getting some 
> press on all your great work. You put the end to the question "I just 
> plugged my blah-blah into my usb port, how do I get it to work?"  
> Watching this all mature over the last 7 months, I don't think anyone 
> could have done better. Even hal-device-manager, which I've heard you 
> call a hack, is 10K times better than trying to walk /sys via ls and 
> cat.  Utopia is a good description.

I wrote that article and I am pleased that it has had such a good 
response. The response has not only been great about Project Utopia but 
also the problems facing the kernel. There is some great productive 
discussion going on within the different comments on the different sites 
the article was mentioned on.

	Jono

-- 
Jono Bacon - http://www.jonobacon.org/
Writer / Journalist / Consultant / Developer
David Zeuthen | 20 Sep 16:49 2004

[patch] gvm and locking


Hey Robert,

Here is a patch for gnome-volume-manager such that policy is not
enforced when media is inserted into a drive that another process has a
hal advisory lock on. 

This is useful as it solves the problem of g-v-m popping up a burn
Nautilus window when nautilus-cd-burner is asking me to insert a disc.
Hence, with this patch n-c-b can just lock the hal device object
representing the drive. Btw, I think Alexander Larsson is working on
such a patch for n-c-b.

The patch also bumps the requirement to the latest and greatest version
of hal as only this one got Joe's sweet locking code in.

Thanks,
David

Attachment (gvm-locking-1.patch): text/x-patch, 2531 bytes
Robert Love | 20 Sep 18:11 2004

Re: [patch] gvm and locking

On Mon, 2004-09-20 at 16:49 +0200, David Zeuthen wrote:

Hey David!

> Here is a patch for gnome-volume-manager such that policy is not
> enforced when media is inserted into a drive that another process has a
> hal advisory lock on. 
> 
> This is useful as it solves the problem of g-v-m popping up a burn
> Nautilus window when nautilus-cd-burner is asking me to insert a disc.
> Hence, with this patch n-c-b can just lock the hal device object
> representing the drive. Btw, I think Alexander Larsson is working on
> such a patch for n-c-b.
> 
> The patch also bumps the requirement to the latest and greatest version
> of hal as only this one got Joe's sweet locking code in.

Nice.  Patch merged to HEAD.

Thanks,

	Robert Love
