[Pkg-utopia-commits] r3260 - in /packages/unstable/hal/debian: changelog patches/01_at_console.patch patches/series
biebl at users.alioth.debian.org
biebl at users.alioth.debian.org
Thu Nov 19 01:24:13 UTC 2009
Author: biebl
Date: Thu Nov 19 01:24:12 2009
New Revision: 3260
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=3260
Log:
Lockdown Hal using D-Bus policies.
* debian/patches/01_at_console.patch
- Restrict access to the Hal D-Bus service using "at_console" and
alternatively group powerdev/plugdev.
Added:
packages/unstable/hal/debian/patches/01_at_console.patch
Modified:
packages/unstable/hal/debian/changelog
packages/unstable/hal/debian/patches/series
Modified: packages/unstable/hal/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/changelog?rev=3260&op=diff
==============================================================================
--- packages/unstable/hal/debian/changelog (original)
+++ packages/unstable/hal/debian/changelog Thu Nov 19 01:24:12 2009
@@ -19,6 +19,9 @@
- Remove polkit-auth call.
* debian/patches/10-no-polkit-policy-file-validate-check.patch
- Drop this patch, obsolete.
+ * debian/patches/01_at_console.patch
+ - Restrict access to the HAL D-Bus service using "at_console" and
+ alternatively group powerdev/plugdev.
-- Michael Biebl <biebl at debian.org> Tue, 17 Nov 2009 17:57:35 -0600
Added: packages/unstable/hal/debian/patches/01_at_console.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/patches/01_at_console.patch?rev=3260&op=file
==============================================================================
--- packages/unstable/hal/debian/patches/01_at_console.patch (added)
+++ packages/unstable/hal/debian/patches/01_at_console.patch Thu Nov 19 01:24:12 2009
@@ -1,0 +1,74 @@
+Index: hal-0.5.13/hal.conf.in
+===================================================================
+--- hal-0.5.13.orig/hal.conf.in 2009-11-18 18:37:40.718523671 -0600
++++ hal-0.5.13/hal.conf.in 2009-11-18 18:38:41.822525158 -0600
+@@ -25,7 +25,69 @@
+ send_interface="org.freedesktop.Hal.Device"/>
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Manager"/>
++ </policy>
++
++ <!-- Only allow users at the local console to manipulate devices,
++ requires consolekit -->
++ <policy at_console="true">
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.DockStation"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.Leds"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.LightSensor"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.Volume"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
++ </policy>
++
++ <!-- Debian group policies -->
++ <policy group="powerdev">
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.DockStation"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.Leds"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.LightSensor"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
++ </policy>
++ <policy group="plugdev">
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.Volume"/>
++ <allow send_destination="org.freedesktop.Hal"
++ send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
++ </policy>
+
++ <!-- well,...and root too -->
++ <policy user="root">
+ <allow send_destination="org.freedesktop.Hal"
+ send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
+ <allow send_destination="org.freedesktop.Hal"
Modified: packages/unstable/hal/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/patches/series?rev=3260&op=diff
==============================================================================
--- packages/unstable/hal/debian/patches/series (original)
+++ packages/unstable/hal/debian/patches/series Thu Nov 19 01:24:12 2009
@@ -1,4 +1,5 @@
# Debian patches for hal
+01_at_console.patch
20_cpufreq_warning_message_fix.patch
21_fix_segfault_in_hal_util_get_last_element.patch
22_fix_unconditional_usage_of_PATH_MAX.patch
More information about the Pkg-utopia-commits
mailing list