The default hald.conf automounts my extra (non-gentoo) disk partitions. The Gnome Multi-media properties only handles removable devices (apparently) so you can't turn it off that way. It looks like the default setup in hald.conf is: <storage_media_check_enabled>true</storage_media_check_enabled> and <storage_automount_enabled_hint>true</storage_automount_enabled_hint> so hal requires an ide-hard-drive.dfi (or whatever) to tell in not to automount other IDE hard disks. I think a default can be provided to handle that. Hmmm... On second thought, after adding the following: <!-- stop Hal from automounting my disk partitions --> <match key="storage.bus" string="ide"> <match key="block.device" string="/dev/hda"> <merge key="storage.automount_enabled_hint" type="bool">false</merge> <merge key="storage.media_check_enabled" type="bool">false</merge> </match> </match> <match key="storage.bus" string="ide"> <match key="block.device" string="/dev/hdb"> <merge key="storage.automount_enabled_hint" type="bool">false</merge> <merge key="storage.media_check_enabled" type="bool">false</merge> </match> </match> which properly sets the above keys, however, my partitions are still mounted. What am I missing here? The comments in hald.conf imply this should work; anybody else have an interpretation to share?
Sorry, I got distracted for a sec...
Well I'll be a dirty... It took a full reboot and Gnome login, but the .fdi file works like I thought it should (you just can't test changes with a hald restart). So if you add this to the default install (I put it in the generic/ directory, but I think the upstream has a vendor/ dir as well). Just a thought... Any feedback on the security implications?
iirc it reports any partition not already noted in fstab & creates a /media entry for it. If the partitio I'm not sure what security implications this should have, you want to hide partitions or something ? The info is there, hal just makes it easily accessible. As far as your policy goes, who sais /dev/hd{a,b} aren't a cddrive or whatever ?
Well, the default config after an emerge automounts all my disk partitions that aren't in my Gentoo fstab. These partitions are not Gentoo partitions, and I don't want then automounted on my desktop by default. As for the security implications, these other partitions could easily have sensitive data on them, and in many environments that is a big no-no. I wasn't sure what the meaning of the bugzilla security checkbox was, so I guess I should not have checked it (feel free to un-check it :) Back to the original issue, it seems like a non-optimal (dare I say brain-dead) default config; at the very least it's annoying, or it could be even worse. How can we assume everyone wants this behavior? It would be better to assume the standard IDE setup of hda (hard disk) and hdc (cdrom-type drive) and then spit out some advice during emerge. I'd rather not assume anything about sda since that's the default flash drive for typical IDE rigs, and people with real sda/b/c drives tend to know more about their hardware anyway. I never said it was an easy answer, but I can't come up with a better one at this point.
It looks like the new hal has a default storage policy that handles this in: /usr/share/hal/fdi/90defaultpolicy/storage-policy.fdi The very last set of keys merged are: <device> <match key="storage.hotpluggable" bool="false"> <match key="storage.removable" bool="false"> <merge key="storage.policy.should_mount" type="bool">false</merge> </match> </match> </device> So fixed disks should be covered by this.
