[NTLUG:Discuss] Last meeting, you CAN have hotplugged devices automount without desktop
Chris Cox
cjcox at acm.org
Fri Jan 25 18:37:15 CST 2008
Ted Gould wrote:
> On Thu, 2008-01-24 at 23:18 -0600, Chris Cox wrote:
>> Robert Pearson wrote:
>>> How would you control access to these devices to include some users
>>> and exclude others?
>> Well... my guess is that perhaps PolicyKit would allow one to
>> define devices for access differently between users. Not exactly
>> the panacea everything to everyone idea... more like this user
>> can do these kinds of things with these kinds of devices.
>
> Yes, it should. But considering PolicyKit isn't really out in the wild,
> and you're commenting on how it is done today (while mentioning that the
> *Kits are useless) they don't really gel. Yes, PolicyKit will help to
> fix this issue, but that's the future. Today we don't have a security
> framework that can deal with that complexity.
>
>>> Perhaps there is a simple Security design. Sometimes I complicate things.
>>> The "Rule of Thumb" in the past was "Better Safe Than Sorry" so access
>>> was very restrictive for private Information in public places.
>> Complicated security implementations usually end up dying. Just
>> my own observation.
>
> Are you saying that PolicyKit will die? AppArmor? SELinux?
AppArmor is simple... but may die just because. SELinux... sheesh...
must die. We'll have to see how PolicyKit comes out. I may be
very useful. Or it could be the UCE of Linux, not enough
benefit to be useful (especially if painful to configure or if
it doesn't make sense).
More information about the Discuss
mailing list