Opened 10 years ago
Closed 10 years ago
#10205 closed enhancement (fixed)
Package Management file blacklist
| Reported by: | kallisti5 | Owned by: | bonefish |
|---|---|---|---|
| Priority: | normal | Milestone: | Unscheduled |
| Component: | - General | Version: | R1/Development |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description (last modified by )
We should seriously consider a blacklist for PM. This would enable users to disable kernel drivers, add-ons, and translators.
maybe a ~/config/settings/blacklist config file?
Change History (8)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Something like this is already on my (virtual) TODO list, though in a more general manner. I was thinking of a settings file (a global one in the concerned installation location) that would allow to blacklist files in packages. packagefs would then simply skip those files and not publish them. This would not only take care of drivers, but any file (add-on, library) that may cause trouble.
A similar feature (i.e. the functionality to select those files) would be needed in the boot loader menu.
comment:3 by , 10 years ago
that would also work. I was looking into the kernel level driver blacklist, and it would need to be added to src/system/kernel/module.cpp. "~load_module_image()" Having a separate blacklist file is a pain. If we did go with a kernel setting, using the normal kernel safemode settings would be easier. (then we could easily add a "blacklist" XXXXXXXXXX field on the boot menu. (it would operate like the other safemode settings, space separated list of modules to not load)
comment:4 by , 10 years ago
Well, we need a method to disable other files than drivers (e.g. translators: #7785) anyway, since having users edit packages is not really a reasonable option. It is also necessary -- or at least more convenient -- if you want to permanently replace a driver in the Haiku system package with an equally named different one. My suggested solution is fairly simple to implement and I don't think a separate settings file would be a big deal. It should be a very rarely used feature anyway.
comment:5 by , 10 years ago
| Description: | modified (diff) |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
| Summary: | Kernel driver add-on blacklist → Package Management file blacklist |
comment:6 by , 10 years ago
One benefit of PM was that as /boot/system was read only it improved os security, etc. If files in packages can be blacklisted, in theory nefarious binaries could take the place of legitimate system files / libraries through the non-packaged directories. (then again, I think non-packaged stuff overrides system files anyway at the moment... so that may be a moot point)
comment:7 by , 10 years ago
My intention is to have a blacklist (or more generally: package settings) file per installation location (if needed). I.e. the package content of /boot/system could only be manipulated via /boot/system/settings/packages. The file would have the same (i.e. root/admin only) permissions as /boot/system/packages. So from a system security POV it wouldn't really change anything -- if you can modify the settings file, you could just as well modify/replace the packages themselves.
On the GUI, as axel said in #10202:
"Kernel settings are something that should have no use for 99.9% of the users. It's definitely not happening as part of Haiku. IOW a perfect 3rd party opportunity :-)"