Gentoo specific rules in /etc/dbus-1/system.d/hal.conf have no effect because the rules are set to allow for all before the Gentoo policy! She must be deny ! The patch 0001-Add-Gentoo-specific-policies.patch need to be updated. Reproducible: Always
Created attachment 189109 [details, diff] The updated patch
I don't believe that's right. The default context is the policykit context, and those rules have no effect unless you have policykit running (in which case, the policykit rules apply). Most of the policy on HAL functions is that the user logged into console can run them. There are a few that are restricted to root, and some are restricted when multiple people are logged in. Those rules need to be there for those of us using policykit instead of Gentoo's plugdev.
Humm... I'm running a gentoo stable x86 without policykit, I'm not in plugdev group and I'm able to mount cdrom, usb keys, etc.. The gnome-session ebuild says "Add yourself to the plugdev group if you want automounting to work.", without this patch, it is not the case if the system was builds without policykit support. And you can see in hal.conf.in "Default policy for the exported interfaces; if PolicyKit is not used for access control you will need to modify this". So, I see 2 solutions : -1) Allow automounting for all users if the system was builds without policykit support. In this case, remove completly the patch and plugdev group because they're not needed. -2) Allow aitomounting for members of plugdev group only, and in this case, this patch is needed because the original patch don't works like expected. ++'ll Jeremy
Neither of those solutions is acceptable. I'll work on a proper solution.
Fixed in hal-0.5.12_rc1-r5
