Re: devmapper: call for votes
I vote in favor of this resolution on bug #329409.
Thanks,
--
Raul
On 4/6/06, Steve Langasek <vorlon@debian.org> wrote:
> I'm calling for a vote on the following resolution regarding bug #329409.
...
> WHEREAS
>
> 1. It is a limitation of the current device-mapper implementation in Debian
> that all device nodes managed by libdevmapper are created with the same
> hard-coded ownership and permissions; and
>
> 2. The standard owning group for disk device nodes is group "disk"; and
>
> 3. The sole reason for the existence of this group on Debian systems is
> to control access to disk devices; and
>
> 4. The majority of device-mapper nodes expose data that is already
> available to members of the disk group via the component disks; and
>
> 5. The use of a different owning group in these cases therefore makes
> accessing the data more inconvenient but not more secure; and
>
> 6. The exception to the above is dm-crypt, whereby device-mapper nodes
> expose data that is not available in unencrypted form from the
> component disks; and
>
> 7. No single owning group satisfies all possible use cases for
> device-mapper; but
>
> 8. Users of dm-crypt have the option of not adding users to the disk
> group that they do not wish to have access to their unencrypted
> dm-crypt volumes;
>
> THE TECHNICAL COMMITTEE:
>
> 9. THANKS Bastian Blank for his continued maintenance of the devmapper
> package in Debian; and
>
> 10. ALSO THANKS Roger Leigh for bringing this issue before the
> committee; and
>
> 11. ENCOURAGES the devmapper maintainer to work towards support for
> configurable device-mapper device permissions in Debian; and
>
> 12. DETERMINES that the correct default permissions for all device-mapper
> nodes is root:disk 0660, with or without support for configurable device
> permissions; and
>
> 13. ASKS (with a 3:1 majority: REQUIRES) the devmapper maintainer to
> implement these permissions in unstable by applying Roger Leigh's
> patch from
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329409;msg=87;att=0;
> and
>
> 14. RECOMMENDS policy be updated to reflect this determination on
> default block device permissions; and
>
> 15. AUTHORIZES Roger to implement these same permissions in stable via a
> non-maintainer upload.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iD8DBQFENNiIKN6ufymYLloRAs3kAKCGhP1weIjzn+hWZxEtDAnkK7r/iwCfdZtN
> VPGy1yLpvWx9TFK44xWjbIg=
> =Z3ZQ
> -----END PGP SIGNATURE-----
>
>
>
Reply to: