vdev device event access-control helper

jcnelson / vdev

A device-file manager for *nix

GNU General Public License v3.0

101 stars 13 forks source link

vdev device event access-control helper #20

Closed jcnelson closed 9 years ago

jcnelson commented 9 years ago

To help filter device events to libudev-compat programs on a per-process basis in a scriptable manner, create a "vdev_allowpid" binary (or the like) that takes a PID and one or more uevent "key=value" strings as arguments and exits 0 if the process is allowed to see a device event (according to /etc/libudev-compat/*.conf ACLs) and exit 1 if not.

jcnelson commented 9 years ago

We can do better: propagate uevents as files to /dev/events/libudev-$PID, and have libudev-compat watch its own /dev/events/libudev-$PID for packets. It's up to the device manager to be judicious in propagating events--there doesn't need to be a "vdev_allowpid" binary per se; just a helper script that does the propagation according to some policy. This is already supported.

jcnelson commented 9 years ago

So, the real issue here is, "make a helper that runs event-put to send the uevent contents on to interested listeners." This should be added as part of the udev-compat.sh helper.

jcnelson commented 9 years ago

This is confirmed working with other Devuan users. Closing for now.