Changeset befd6fb

Timestamp:

01/21/2007 05:50:20 PM (16 years ago)

Author:

Dan Nichilson <dnicholson@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, ken/inkscape-core-mods, krejzi/svn, lazarus, nosym, perl-modules, plabs/python-mods, qt5new, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/soup3, xry111/test-20220226

Children:

648e8bc

Parents:

468419d

Message:

HAL configuration to prevent methods on fixed drives

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6450 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general/sysutils/hal.xml (modified) (1 diff)
• introduction/welcome/changelog.xml (modified) (1 diff)

general/sysutils/hal.xml

@@ -318 +318 @@
       <application>HAL</application> will invoke its methods on.</para>
 
+      <para>With the above configuration in place, authorized users now
+      have the ability to unmount disk partitions mounted at non-standard
+      locations such as <filename class='directory'>/pub</filename>. If
+      you'd like to restrict this policy to only drives which are considered
+      removable or hotpluggable, add the following configuration file as
+      the <systemitem class='username'>root</systemitem> user:</para>
+
+<screen role="root"><userinput>cat &gt; /etc/hal/fdi/policy/no-fixed-drives.fdi &lt;&lt; "EOF"
+<literal>&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!-- -*- SGML -*- --&gt;
+
+&lt;!-- Don't allow HAL methods on disks that are not
+     removable or hotpluggable --&gt;
+
+&lt;deviceinfo version="0.2"&gt;
+&lt;device&gt;
+  &lt;match key="@block.storage_device:storage.hotpluggable" bool="false"&gt;
+    &lt;match key="@block.storage_device:storage.removable" bool="false"&gt;
+      &lt;merge key="volume.ignore" type="bool"&gt;true&lt;/merge&gt;
+    &lt;/match&gt;
+  &lt;/match&gt;
+&lt;/device&gt;
+&lt;/deviceinfo&gt;</literal>
+EOF</userinput></screen>
+
       <para><application>HAL</application> only provides the methods such
       as Mount() to act on hardware. In order to take advantage of these,

introduction/welcome/changelog.xml

@@ -46 +46 @@
       <itemizedlist>
         <listitem>
+          <para>[dnicholson] - Added optional configuration to HAL to
+          prevent methods on fixed disk drives.</para>
+        </listitem>
+        <listitem>
           <para>[dnicholson] - Fixed the X Input Devices User Notes link
           to point to a more appropriate place on the Wiki. Closes