authorDanny Kukawka <danny.kukawka@web.de>2009-02-13 15:48:21 +0100
committerDanny Kukawka <danny.kukawka@web.de>2009-02-13 15:48:21 +0100
commit7d368270dc1737f398cb4226aa5385641601af7f (patch)
tree2f4d46fa3a1b67de076a56db031ebac2b4954da8
parent9ff3ffe362c2d72a393aa4cde5c94950e26aeac7 (diff)
fix problems with removable-block policy and floppy devs
Fixed problems with removable-block policy and floppy devices. Moved the removable-block part to the end of the file and added a check whether a device already has a rule, to prevent overwriting an already set floppy or other policy. (bnc#471514)
-rw-r--r--fdi/policy/10osvendor/20-acl-management.fdi45
1 files changed, 25 insertions, 20 deletions
diff --git a/fdi/policy/10osvendor/20-acl-management.fdi b/fdi/policy/10osvendor/20-acl-management.fdi
index 98f8c88c..a276e98c 100644
--- a/fdi/policy/10osvendor/20-acl-management.fdi
+++ b/fdi/policy/10osvendor/20-acl-management.fdi
@@ -34,26 +34,6 @@
</match>
</match>
- <!-- Removable block devices -->
- <match key="info.capabilities" contains="block">
- <match key="block.device" exists="true">
- <match key="@block.storage_device:storage.removable" bool="true">
- <!-- do not set acls on unpartitioned volumes, parent gets them -->
- <match key="block.is_volume" bool="true">
- <match key="volume.is_partition" bool="true">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">block.device</merge>
- <merge key="access_control.type" type="string">removable-block</merge>
- </match>
- </match>
- <match key="block.is_volume" bool="false">
- <addset key="info.capabilities" type="strlist">access_control</addset>
- <merge key="access_control.file" type="copy_property">block.device</merge>
- <merge key="access_control.type" type="string">removable-block</merge>
- </match>
- </match>
- </match>
- </match>
<!-- optical drives -->
<match key="info.capabilities" contains="storage.cdrom">
@@ -247,6 +227,31 @@
</match>
</match>
+ <!-- Removable block devices -->
+ <match key="info.capabilities" contains="block">
+ <!-- Don't set removable-block policy to devices which have already another policy
+ as e.g. floppy devices !!! -->
+ <match key="access_control.type" exists="false">
+ <match key="block.device" exists="true">
+ <match key="@block.storage_device:storage.removable" bool="true">
+ <!-- do not set acls on unpartitioned volumes, parent gets them -->
+ <match key="block.is_volume" bool="true">
+ <match key="volume.is_partition" bool="true">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">block.device</merge>
+ <merge key="access_control.type" type="string">removable-block</merge>
+ </match>
+ </match>
+ <match key="block.is_volume" bool="false">
+ <addset key="info.capabilities" type="strlist">access_control</addset>
+ <merge key="access_control.file" type="copy_property">block.device</merge>
+ <merge key="access_control.type" type="string">removable-block</merge>
+ </match>
+ </match>
+ </match>
+ </match>
+ </match>
+
<!-- enforcement of policy goes here -->
<!-- add / remove ACL's when devices are added and removed -->
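Review bot: The comment above the new `<match key="access_control.type" exists="false">` guard explains the guard but not the placement, and the two belong together: the guard can only detect a policy assigned by a rule evaluated before this block, which is why the commit message says the block was moved to the end of the rules. Because `access_control.type` selects which ACL policy is applied to the device node, that ordering requirement should be recorded in the file itself, e.g. `<!-- Fallback rule: keep this block after every other rule that sets access_control.type; the exists="false" guard only sees policies assigned earlier -->`. Whether the more specific rules (floppy and others) would overwrite the type if they ran after this block is not visible from the hunk, so the comment should not promise more than that. The enclosing element opens and closes outside the hunk.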