

This is a resource manager that will dole out file descriptors
for privileged devices via an AF_LOCAL socket.

I started to write this about quite a while ago, and then had to abandon
it because we were already in BETA and I had other things to attend to :)

Access control for devices can be configured dynamically as well as
statically.  Static configuration happens via /etc/resmgr.conf.
For the syntax of this file, please refer to the sample config file.

The basic concept of resmgrd is to have one or more resource classes.
Most of the time one will be enough, but can have several if you want.
These resource classes contain devices, along with a readonly flag
saying whether users can open these files read/write, or read-only.

Resource classes can be updated dynamically, for instance a hotplugging
daemon finds that a USB device was attached, and wants to grant the
current desktop user access to it. Likewise, it can remove the device
file from the resource class when the USB device is removed.

Users can be granted access to a resource class. This can be done
statically through acess controls in /etc/resmgr.conf - for instance,
you can grant all users in a certain group access to a resource
class. Alternatively, the super user can grant users access to a resource
class at run time, and later revoke it. This facility is used by the
pam_resmgr PAM module.

The user can connect to the daemon and list the devices he can
open, and open individual devices using the "open" command. When
the open comman succeeds, an open file descriptor will be sent
to the client using AF_LOCAL file descriptor passing.

Users can also ask the resource manager to lock a device for them.
This happens by the traditional UUCP style lock files in /var/lock
(currently you can do this for all devices, but it doesn't make
much sense for anything except serial devices, really).

There is also a shared library named libresmgr that comes with
the necessary bits and pieces that let you open a device pretty
much transparently. Just invoke rsm_open_device() and you will be
given a file descriptor for the device, opened read/write. The
full list of function can be found in resmgr.h.


				2002 October 31, okir@suse.de
