-1#!/bin/sh
+#!/bin/sh
set -o errexit
# First argument of this script is the package name.
--sysconfdir=/etc \
--libexecdir=/usr/lib/hal \
--localstatedir=/var \
- --disable-policy-kit \
+ --with-udev-prefix=/etc \
${CONFIGURE_OPTS}
make
make install
# script-name start stop
bootscript_add_rc3 hald 93 19
+# The default setup for HAL is to allow only certain users to invoke methods
+# such as Mount(). These are the root user and the user determined to be at the
+# active console using pam_console. If you are not set up to use
+# Linux-PAM-1.1.1 and pam_console, create a group that is allowed to invoke HAL
+# methods with the following commands:
+hv_groupadd -g 61 halusers
+cat > /etc/dbus-1/system.d/halusers.conf << "EOF"
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- Allow users in the halusers group invoke HAL methods -->
+ <policy group="halusers">
+ <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+ <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+ <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
+ <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+ </policy>
+
+</busconfig>
+EOF
+
+# Now add the users you would like to the halusers group to use HAL:
+usermod -a -G halusers ${REGUSER}
+
+# With the above configuration in place, authorized users now have the ability
+# to unmount disk partitions mounted at non-standard locations such as /pub.
+# If you'd like to restrict this policy to only drives which are considered
+# removable or hotpluggable, add the following configuration file as the root user:
+cat > /etc/hal/fdi/policy/no-fixed-drives.fdi << "EOF"
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->
+
+<!-- Don't allow HAL methods on disks that are not
+ removable or hotpluggable -->
+
+<deviceinfo version="0.2">
+<device>
+ <match key="@block.storage_device:storage.hotpluggable" bool="false">
+ <match key="@block.storage_device:storage.removable" bool="false">
+ <merge key="volume.ignore" type="bool">true</merge>
+ </match>
+ </match>
+</device>
+</deviceinfo>
+EOF
+
# If the system-wide D-BUS daemon was running during the
# installation of HAL, ensure you stop and restart the
# D-BUS daemon before attempting to start the hald daemon.