Access to cd device denied for cdp

Thomas Molina tmolina at cablespeed.com
Fri Apr 30 10:23:44 UTC 2004


On Thu, 29 Apr 2004, Lamont R. Peterson wrote:

> On Wed, 2004-04-28 at 16:42, Thomas Molina wrote:
> > Please do not use that abomination called kudzu to determine policy.  
> > 
> > First off, userland tools have no place in determining policy in my 
> > opinion, especially not in the case of removable media.
> > 
> > Secondly, I despise kudzu.  It is an abomination which get removed 
> > forthwith from any system I maintain.
> 
> Oh, come on now, Thomas, please, don't hold back; tell us how you really
> feel :-).
> 
> Seriously, though, I am curious to know what is wrong, here.  Aside from
> the fact that kudzu is for hardware detection and SELinux is not
> hardware, why is kudzu (in your opinion) is so "evil"?

All hyperbole aside, it is a userland tool which has the potential to 
affect policy with unintended consequences.  I have seen it mess up 
hardware detection enough that I don't don't trust it.  

While there is a need for a hardware detection tool for setting up a 
system, I don't believe it is something which needs to be run as a 
background daemon as RedHat has it set up.  We have hotplug and friends 
for USB and those parts of the system designed to have components 
dynamically added and removed.



More information about the fedora-selinux-list mailing list