hal-resmgr


Table of Contents

1. Introduction
2. Interface to HAL
3. Configuration Examples

1. Introduction

hal-resmgr is an optional separate program that can be used as callout from hald and resmgrd to install ACLs on device files. It's linked against dbus and hal to be able to communicate with hald.

2. Interface to HAL

Devices that should be processed by hal-resmgr need to be tagged. The fdi file resmgr.fdi (installed as /etc/hal/fdi/policy/90osvendor/80-resmgr.fdi) does that by merging resmgr specific properties into hal.

The following properties are supported:

resmgr.class (string)

the resmgr class the device should added to

resmgr.device (string)

the path to the device node that should be used. If it's empty the properties block.device and linux.device_file are checked in that order instead.

To make hald actually run hal-resmgr one needs to add hal-resmgr to the strlist properties info.callouts.add and info.callouts.remove. /etc/hal/fdi/policy/90osvendor/80-resmgr.fdi does that automatically for all devices that have resmgr.class set.

3. Configuration Examples

To tell hal-resmgr that a device with vendor id 0x1234 and product id 0x5678 should be treated as class scanner, create a file /etc/hal/fdi/policy/20user/50-scanner.fdi (you may need to create the directory /etc/hal/fdi/policy/20user first) with the following content:

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
  <device>
    <match key="info.bus" string="usb_device">
      <match key="usb_device.vendor_id" int="0x0ccd">
        <match key="usb_device.product_id" int="0x0038">
          <merge key="resmgr.class" type="string">scanner</merge>
        </match>
      </match>
    </match>
  </device>
</deviceinfo>

Another example for a fictional device that is known to hal:

# cat <<EOF > /etc/hal/fdi/policy/20user/50-missilelauncher.fdi
<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
  <device>
    <match key="linux.device_file" string="/dev/missilelauncher">
      <merge key="resmgr.class" type="string">wmd</merge>
    </match>
  </device>
</deviceinfo>
EOF
# cat <<EOF > /etc/resmgr.conf.d/50-wmd.conf
## define a new class 'wmd'
class wmd

## grant access to class 'wmd' when access to 'desktop' is granted
## (ie everyone on a local console)
class desktop includes wmd

## maybe you want to restrict access to 'wmd' to members of a group instead
#allow wmd group=generals
EOF
# rcresmgr restart
# rchal restart