First boot with 20040908 changes

Jeff Spaleta jspaleta at gmail.com
Thu Sep 9 19:07:24 UTC 2004


On Thu, 09 Sep 2004 20:21:00 +0200, David Zeuthen <david at fubar.dk> wrote:
> I'm not sure I agree: if one cares about security one is using
> filesystems with uid/gid attributes anyway. That said, however, it might
> be useful to have a configuration file fstab-sync to explicitly specify
> don't add this or that drive. And in the longterm finetune the mount
> point names, e.g. using labels or whatnot.

I think if someone wants to approach this from a locked down system
point of view,
you'd want to have a a policy of no devices allowed by default with
specific devices allowed via administrative control.  As compared to a
policy of everything by default with a list of devices disallowed.
Though of course both approaches will have their uses.

I'm still poking at figuring out how to break hal in spectacular
ways... but are the files in
/usr/share/hal/fdi  useful for creating locally defined policy of this sort?

-jef





More information about the fedora-devel-list mailing list