Interesting read, thanks!
The ACL logic though doesn't seem quite right.
Having to do SHA digests on binaries to be sure you're granting access
to the right program doesn't seem correct at all. It's fragile: if the
program is updated with a new version it will stop working until the ACL
is updated, and if it starts using a helper program that will have to be
added to the ACL as well.
I wonder if it's possible to use session-id instead?
Looking quickly through the code, I couldn't see any way that it can
*revoke* access, i.e. you've got a session for user 'A', and then switch
to a new session for user 'B'. User 'A' should no longer have access to
things like the microphone, or the camera. If they've already got
/dev/video0 opened, then their file descriptor needs to be closed (or
rendered inoperative in some other way).
Luke
On 02/01/15 08:58, Jude Nelson wrote:
> Hey everyone,
>
> I just thought I'd post an update on vdev, since I'd mentioned earlier
> that I was shooting for packages by now. It will take a couple more
> days, but I'm pleased to say that the pre-alpha vdev can do the following:
>
> * populate itself with all block and char devices known to sysfs
> * hide or change the permissions on devices based on which process is asking
> * run shell scripts as a result of devices appearing or getting removed
> * create device nodes with user-defined paths
>
> I've added automatic build and packaging scripts to vdev and its
> dependencies (fskit and libpstat) if you're brave enough to play around
> with it :) Don't try using it for early boot, though--that's not yet
> tested.
>
> I've also written a design document here, with a development roadmap:
> http://judecnelson.blogspot.com/2015/01/introducing-vdev.html
>
> Happy Gregorian New Year!
> -Jude
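The two concerns in Luke's reply, modelled as an added example that is not part of the thread and not vdev's code: a digest-keyed policy whose grants silently stop matching once the binary is rebuilt, and a session-keyed broker that revokes every open handle belonging to the previously active session when a new one is activated. The class names, the `/dev/video0` path used in `scenario()` and the byte strings standing in for program images are constructed for illustration.

```python
"""Digest-keyed vs session-keyed device ACLs (added illustration, not vdev code)."""
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class DigestPolicy:
    """Grants keyed on the SHA-256 of the requesting program's image.

    Any rebuild of the program changes the digest, so the grant no longer
    matches until the ACL is regenerated (the fragility noted above).
    """

    def __init__(self):
        self.allowed = {}  # device path -> set of permitted program digests

    def grant(self, device: str, program_image: bytes) -> None:
        self.allowed.setdefault(device, set()).add(sha256(program_image))

    def permits(self, device: str, program_image: bytes) -> bool:
        return sha256(program_image) in self.allowed.get(device, set())


@dataclass
class Handle:
    """Stand-in for an open file descriptor on a device node."""
    device: str
    session: str
    valid: bool = True


class SessionBroker:
    """Grants keyed on a session id, with revocation on session switch."""

    def __init__(self):
        self.grants = {}   # session id -> set of device paths
        self.active = None  # the session currently allowed to use devices
        self.handles = []   # every handle ever issued, for revocation

    def grant(self, session: str, device: str) -> None:
        self.grants.setdefault(session, set()).add(device)

    def activate(self, session: str) -> int:
        """Make `session` active; invalidate handles of the previous session.

        Returns the number of handles revoked.
        """
        revoked = 0
        if self.active is not None and self.active != session:
            for h in self.handles:
                if h.session == self.active and h.valid:
                    h.valid = False
                    revoked += 1
        self.active = session
        return revoked

    def open(self, session: str, device: str) -> Handle:
        if session != self.active or device not in self.grants.get(session, set()):
            raise PermissionError(f"session {session!r} may not open {device}")
        h = Handle(device, session)
        self.handles.append(h)
        return h

    def read(self, handle: Handle) -> str:
        """Every use re-checks the handle, so a revoked one fails closed."""
        if not handle.valid:
            raise PermissionError("handle revoked")
        return f"data from {handle.device}"


def scenario() -> dict:
    """Run both models on constructed input and report the outcomes."""
    # Digest policy: grant v1 of a (constructed) camera app, then ship v2.
    dp = DigestPolicy()
    dp.grant("/dev/video0", b"camera-app v1")
    results = {
        "v1_allowed": dp.permits("/dev/video0", b"camera-app v1"),
        "v2_allowed": dp.permits("/dev/video0", b"camera-app v2"),
    }
    # Session broker: A opens the camera, then the seat switches to B.
    sb = SessionBroker()
    sb.grant("A", "/dev/video0")
    sb.grant("B", "/dev/video0")
    sb.activate("A")
    h = sb.open("A", "/dev/video0")
    results["a_reads_before_switch"] = sb.read(h)
    results["revoked_on_switch"] = sb.activate("B")
    try:
        sb.read(h)
        results["a_reads_after_switch"] = True
    except PermissionError:
        results["a_reads_after_switch"] = False
    return results


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

The broker keeps a list of issued handles precisely so that `activate()` can invalidate them; a real implementation would have to do the equivalent against kernel-held descriptors (closing or neutering them), which is the part Luke points out the current code does not attempt.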