From Martin@lichtvoll.de Sun Jul 13 10:49:31 2008 Return-Path: X-Original-To: tuxonice-devel@crca.org.au Delivered-To: tuxonice-devel@crca.org.au X-Bogosity: Ham, spamicity=0.000000 Received: from mail.tuxonice.net (tuxonice.net [67.207.135.122]) by crca.org.au (Postfix) with ESMTP id 73E22138004 for ; Sun, 13 Jul 2008 10:49:31 +0000 (UTC) X-Bogosity: Ham, spamicity=0.000000 Received: from mail.lichtvoll.de (mondschein.lichtvoll.de [194.150.191.11]) by mail.tuxonice.net (Postfix) with ESMTP id 4EADD22814D for ; Sun, 13 Jul 2008 10:49:29 +0000 (UTC) Received: from localhost (DSL01.83.171.151.35.ip-pool.NEFkom.net [83.171.151.35]) by mail.lichtvoll.de (Postfix) with ESMTP id C6DCB5AE51; Sun, 13 Jul 2008 12:49:28 +0200 (CEST) From: Martin Steigerwald To: U Kuehn Date: Sun, 13 Jul 2008 12:49:11 +0200 User-Agent: KMail/1.9.9 References: <200807080908.54766.Martin@Lichtvoll.de> <4879206E.3090509@acm.org> (sfid-20080713_123032_041282_E3BCA323) In-Reply-To: <4879206E.3090509@acm.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart9506386.dO55sSLD3Z"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200807131249.18059.Martin@lichtvoll.de> Cc: tuxonice-devel@lists.tuxonice.net Subject: Re: [TuxOnIce-devel] user scriptlets for hibernate X-BeenThere: tuxonice-devel@lists.tuxonice.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: TuxOnIce Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jul 2008 10:49:32 -0000 --nextPart9506386.dO55sSLD3Z Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Am Samstag 12 Juli 2008 schrieb U Kuehn: > Hi Martin, Hi Ulrich, > Martin Steigerwald wrote: > > Recently I thought about user scriptlets in hibernate... it would be > > nice to be able to store scriptlets in ~/.hibernate that do > > communication with applications that run with the own user. > > > > I had this idea first as I got a new USB soundcard which likes > > unloading of usb sound module so that it resumes nicely. Prior to > > that I would like to stop Amarok and restart it on resume to avoid > > any issue with Amarok / xine finding its sound device disappearing > > suddenly. > > There is certainly a point in having a mechanism for this kind of > flexibility. > > > What do you think? > > > > I think these should be executed before any system-related > > scriptlets. > > Well, given that the hibernate script runs with root permissions, I > strongly suggest that before executing a script that any user can fully > control the hibernate script drops priviledges and regains them later. > > To illustrate the issue just think of a non-admin user having a > scriptlet containing a line like > > if ! egrep -q "^myroot" ; then > echo "myroot:x:0:0:root:/root:/bin/bash" >> /etc/passwd > # plus something similar for /etc/shadow to insert a passwd > fi > > Then this user would have effectively root rights. Not very desirable. Certainly. I didn't mention it, I took it for granted that those scripts=20 are run as the user for whom they are executed. They ideally should also=20 have only his environment. They should have a valid $DISPLAY set and=20 maybe one additional variable for the hibernate action that is taking=20 place: 1) Hibernate: Hibernate is about to create a on disk snapshot 2) Suspend: Hibernate is about to enter suspend to RAM 3) Resume: Hibernate is about to leave suspend or hibernate (should these=20 be separated? And maybe whether a failure occured aka action has been aborted by user or= =20 by some script giving back an error. Just as a rough idea... need to think a bit more about the which actions=20 such a script need to differentiate... and look into how it is done for=20 the system wide scriptlets... if they get information about the action=20 already. Had a quick glance at it, but didn't yet understand how it is=20 done. The scriptlets only contain functions and I didnot yet found how=20 hibernate determines which functions are to be called... well need to=20 have a closer look. Ciao, =2D-=20 Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 --nextPart9506386.dO55sSLD3Z Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEABECAAYFAkh53agACgkQmRvqrKWZhMfLjQCdFeSkGQcUn2do+vyoz/ibPFnI 1UMAoKRphPZYsBkXnU9Os6dpK/lP/+Sz =0xd7 -----END PGP SIGNATURE----- --nextPart9506386.dO55sSLD3Z--