Package: hal Version: 0.5.7-2 Severity: important The next release of KDE, 3.5.4, brings changes to how removable devices are mounted (by changing how dbus/HAL/pmount is used), and this has uncovered a problem with Debian's HAL.
Prior to 3.5.4, users running KDE could mount or unmount volumes (data CDs, DVDs, etc.) as long as they were members of the plugdev group. No entry in /etc/fstab was required for a device to be mounted; KDE would use fstab if it existed, but if not it created its own directory under /media and mounted the device there. It used pmount to do this. Now, however, an entry under /etc/fstab is required for users to be able to mount a volume, and it must have the "user" or "users" option there as well. Otherwise, users receive an error message: "A security policy in place prevents this sender from sending this message to this recipient, see message bus configuration file (rejected message had interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unset)" destination "org.freedesktop.Hal")" ...when trying to mount a volume. I guess KDE doesn't use pmount anymore. I filed a bug against KDE, but was told that it in fact this problem was due to Debian's default HAL configuration. Indeed, editing /etc/dbus-1/system.d/hal.conf to allow send_interface="org.freedesktop.Hal.Device.Volume" worked. It's worth noting that any user currently in the plugdev group can use pmount to mount discs under /media. Perhaps hal should follow this policy, which seems quite sensible, and shouldn't weaken system security, since pmount+plugdev is already being used to mount volumes, etc. The end of hal.conf would then look something like this: <!-- You can change this to a more suitable user, or make per-group --> <policy group="powerdev"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> </policy> <!-- Allow plugdev members to mount volumes --> <policy group="plugdev"> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy> This way KDE 3.5.4 will continue to function as users expect, and they won't be forced them to write /etc/fstab entries for each optical or removable device - exactly the sort of thing that Project Utopia was designed to avoid. Thanks, Christopher Martin
pgptKV4jE7CSi.pgp
Description: PGP signature
