r6450 - in trunk/BOOK: general/sysutils introduction/welcome

dnicholson at linuxfromscratch.org
Sun Jan 21 09:50:20 PST 2007


Author: dnicholson
Date: 2007-01-21 10:50:20 -0700 (Sun, 21 Jan 2007)
New Revision: 6450

Modified:
   trunk/BOOK/general/sysutils/hal.xml
   trunk/BOOK/introduction/welcome/changelog.xml
Log:
HAL configuration to prevent methods on fixed drives


Modified: trunk/BOOK/general/sysutils/hal.xml
===================================================================
--- trunk/BOOK/general/sysutils/hal.xml	2007-01-21 17:02:21 UTC (rev 6449)
+++ trunk/BOOK/general/sysutils/hal.xml	2007-01-21 17:50:20 UTC (rev 6450)
@@ -317,6 +317,30 @@
       to have appropriate permissions to access the devices that
       <application>HAL</application> will invoke its methods on.</para>
 
+      <para>With the above configuration in place, authorized users now
+      have the ability to unmount disk partitions mounted at non-standard
+      locations such as <filename class='directory'>/pub</filename>. If
+      you'd like to restrict this policy to only drives which are considered
+      removable or hotpluggable, add the following configuration file as
+      the <systemitem class='username'>root</systemitem> user:</para>
+
+<screen role="root"><userinput>cat > /etc/hal/fdi/policy/no-fixed-drives.fdi << "EOF"
+<literal><?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->
+
+<!-- Don't allow HAL methods on disks that are not
+     removable or hotpluggable -->
+
+<deviceinfo version="0.2">
+<device>
+  <match key="@block.storage_device:storage.hotpluggable" bool="false">
+    <match key="@block.storage_device:storage.removable" bool="false">
+      <merge key="volume.ignore" type="bool">true</merge>
+    </match>
+  </match>
+</device>
+</deviceinfo></literal>
+EOF</userinput></screen>
+
       <para><application>HAL</application> only provides the methods such
       as Mount() to act on hardware. In order to take advantage of these,
       a <application>HAL</application> event handler such as
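Review bot: the added paragraph ("With the above configuration in place ...") frames the problem only as authorized users being able to unmount fixed partitions such as /pub, but the rule it introduces merges volume.ignore = true on every volume whose parent storage device has both storage.hotpluggable and storage.removable set to false, and the file's own comment says it disallows HAL methods on those disks altogether. I'd add a sentence to the paragraph stating that volumes on fixed drives are ignored entirely once no-fixed-drives.fdi is in place, so a reader who relies on HAL to mount an internal data partition knows what they are giving up. Because the preceding text grants these methods to authorized users, it may also be worth presenting this file as the recommended setup rather than as "If you'd like", since it keeps that grant limited to removable and hotpluggable drives.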

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2007-01-21 17:02:21 UTC (rev 6449)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2007-01-21 17:50:20 UTC (rev 6450)
@@ -45,6 +45,10 @@
       <para>January 21st, 2007</para>
       <itemizedlist>
         <listitem>
+          <para>[dnicholson] - Added optional configuration to HAL to
+          prevent methods on fixed disk drives.</para>
+        </listitem>
+        <listitem>
           <para>[dnicholson] - Fixed the X Input Devices User Notes link
           to point to a more appropriate place on the Wiki. Closes
           #2190.</para>




More information about the blfs-book mailing list