On 02.01.2015 20:43, Jude Nelson wrote:
Hi,
> I should point out, the ACL criteria for matching processes do not all
> have to be specified, specifically for the reason you point out. Using
> the SHA256 to match the process should be a tool of last resort, useful
> only when the executable's path, inode number, and PID listing commands
> are unreliable (for example, a program that runs from an arbitrary
> location but for which no PID listing program can be created).
I don't believe ACLs are a good idea anyway. They introduce yet another
(orthogonal) dimension to the system, and so heavily increase management
complexity. For example, it's hard to trace problems that way if the /dev
layout heavily depends on the calling process.
Instead I'd suggest using chroots / namespaces for isolation.
> As much as I would like to revoke file descriptors, I'm afraid there's
> no way to do this that I know of without the kernel's help (but I'd love
> to learn of one).
I'd rather raise the question whether that's useful at all.
IMHO, there are two main scenarios:
a) remaining processes after logout
--> should be killed anyway (e.g. via cgroups, etc.)
b) physical devices should be assigned temporarily to some session, e.g.
when switching VTs.
--> we need some proxy server for that, which handles the switchover
gracefully
Most devices which unprivileged users get access to (e.g. audio)
IMHO should be routed via some server anyway; (most) other devices
should only be available to special privileged users (e.g. DRI for the
X server, etc.).
cu
--
Enrico Weigelt,
metux IT consulting
+49-151-27565287