Re: setting brightness as privileged operation?

[Michal Hocko]

On Fri 12-05-17 11:47:12, Pavel Machek wrote:
> On Fri 2017-05-12 08:20:04, Michal Hocko wrote:
> > On Thu 11-05-17 23:07:55, Pavel Machek wrote:
> > > On Thu 2017-01-05 10:23:07, Michal Hocko wrote:
> > > > Hi,
> > > > I have just learned that my Xfce Power Manager cannot manipulate
> > > > brightness because I do not have policykit installed on my computer.
> > > > There is a reason for that (yeah it depends on systemd which I prefer
> > > > not have).
> > > > 
> > > > While this is clearly a problem of the Xfce applet I am wondering why
> > > > setting the brightness has to be a privileged operation at all. Is there
> > > > any strong reason for it or just a general policy that we do not give
> > > > world writable files into sysfs?
> > > 
> > > Well, if you have another user logged in using ssh, and changing _your_
> > > brightness, that will be somehow annoying, right?
> > 
> > I am pretty sure that such a user can do much larger harm than playing
> > with brigtness of my LCD. Anyway I went with my own rc.local hack.
> 
> Can he? Those are bugs to be fixed. We don't want them in kernel...

Good luck with that whack a mole. But more seriously. Having an
untrusted user on a system requires many measures including a very
restricted access to mounted filesystems to contain such a user.
Something tells me that /sys is one of the first candidate to deny
access to.

Instead it seems that we enforce people to use policy kit and other crap
to allow to use my HW as I want. I will not argue more here, I have a
workaround for me but this is just weird...
-- 
Michal Hocko
SUSE Labs