https://bugzilla.novell.com/show_bug.cgi?id=438131
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=438131#c13
Ludwig Nussel
Attaching my best attempt (live system patch), but still not working.
Please help me with following files (packages pcsc-lite, opensc, pcsc-cyberjack): /usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi
Should be moved to /usr/share/hal/fdi/information/20thirdparty
/etc/udev/rules.d/pcscd_ccid.rules /etc/udev/rules.d/99-pcsc_lite.rules
And the same for UPS devices: /etc/udev/rules.d/52_nut-usbups.rules ... and the whole nut-hal package. I was not able to make it working, so I disabled it completely.
Those change ownerships are wrong, see below.
What is the correct value for match key="info.subsystem" string="usb..."
"usb" or "usb_device"? Half of files use "usb_device", another half "usb".
Depends on what you want to match. An usb device ("usb_device") device may have multiple interfaces ("usb"). Only the usb device actually has a device node in /dev/bus/usb. If you are only going to match for vendor/product place you match at "usb_device". If you need to look at interface properties a little more magic is required to get the correct values into the parent.
And what is correct here: <append key="info.capabilities" type="strlist">smart-card-reader</append> ^ append or merge?
append is used to append a value to a lists, merge will overwrite
^ capabilities or category?
http://people.freedesktop.org/~david/hal-spec/hal-spec.html "...two textual properties, info.category and info.capabilities. The former describes what the device is (as a single alphanumeric keyword) and the latter describes what the device does (as a number of alphanumeric keywords separated by whitespace)". So if the only function of the device a card reader using 'category' would be correct.
^ smart-card-reader or smart_card_reader
I don't know what the naming guidelines on hal are. That's a question Danny can probably give some advice on.
For use of pcsc-lite and openct, "daemon" UID must be also allowed to use the card. How should I do it? udev? hald-addon? anything else?
Not at all. Use of the daemon group is rather unspecified so don't use it to assign privileges. Your daemon uses a dedicated user for it's opereration, does it? So you could grant privileges explicitly to that user. Unfortunately there is no framework to do that in a clean way yet so you have to call polkit-auth manually in %pre or %post. See for example hal.
How can I test, that capabilities were properly set? getfactl? Or 'echo ""
/dev/bus/usb/003/002' with local user privileges?
getfacl. $ polkit-auth |grep sound org.freedesktop.hal.device-access.sound $ getfacl /dev/dsp getfacl: Removing leading '/' from absolute path names # file: dev/dsp # owner: root # group: audio user::rw- user:lnussel:rw- <- here I have access group::rw- mask::rw- other::--- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.