Tails

#1 Updated by anonym 2014-11-18 15:30:31

Pushed a fix (adding the udev rule in the bug description) in commit e17007c, but I’m not sure it’s the best way to do solve this.

#2 Updated by intrigeri 2014-11-25 20:38:24

IMO, next steps are:

• to list what exact operations Tails Installer needs direct write access to the block device for. And then, we can evaluate how hard it would be to delegate these operations to privileged helpers
• to check this udev rule has been removed (upstream? from Debian?); I suspect that’s because nowadays, most operations that need such access can be done via UDisks and its frontends. If we decide to keep this rule in the end, I think that we should drop the ieee1394 and pcmcia bits, though.

#3 Updated by intrigeri 2014-11-25 21:06:09

The rule that gave removable devices to group floppy was a Debian-ism, that was removed some time ago to lower the maintenance cost of the package. It won’t be back (https://bugs.debian.org/751892), but it apparently wasn’t removed due to security concerns.

So, my take on it is: if we need this rule, then let’s keep it. However, I think we should keep skipping rules when ACTION=="remove", as Wheezy’s /lib/udev/rules.d/91-permissions.rules does (just to be on the safe side, in case it’s not merely a performance optimization).

#4 Updated by anonym 2014-11-26 20:34:57

intrigeri wrote:
> If we decide to keep this rule in the end, I think that we should drop the ieee1394 and pcmcia bits, though.

Done in commit cd3979f.

> So, my take on it is: if we need this rule, then let’s keep it. However, I think we should keep skipping rules when ACTION=="remove", as Wheezy’s /lib/udev/rules.d/91-permissions.rules does (just to be on the safe side, in case it’s not merely a performance optimization).

Makes sense, but I think I prefer to do it only on ACTION=="add" instead. Done in commit fafef62.