Difference between revisions of "HAL"

From ArchWiki
Jump to navigation Jump to search
(NTFS: added support for hal 0.5.11-7)
(small corrections and added internal links to sections)
Line 124: Line 124:
  
 
After upgrade to 0.5.11-7, it is possible that user mounting of ntfs volumes via hal does not work anymore. There is a workaround in two steps:
 
After upgrade to 0.5.11-7, it is possible that user mounting of ntfs volumes via hal does not work anymore. There is a workaround in two steps:
1. Follow the instruction in this article, section Permission Denied with automounter.
+
#Follow the instruction in this article, section [[HAL#Permission_Denied_with_automounter|Permission Denied with automounter]].
2. Modify /usr/share/hal/fdi/policy/10osvendor/20-storage-methods.fdi as root, searching for the following point and adding the two <merge key=> lines:
+
#Modify /usr/share/hal/fdi/policy/10osvendor/20-storage-methods.fdi as root, searching for the following point and adding the two <merge key=> lines:
  
 
  <!-- allow these mount options for ntfs -->
 
  <!-- allow these mount options for ntfs -->
Line 165: Line 165:
 
  </deviceinfo>
 
  </deviceinfo>
  
{{Box Note | If permission is denied by HAL with "PermissionDeniedByPolicy hal-storage-mount-removable-extra-options no" see ''Permission Denied with automounter'' below.}}
+
If permission is denied by HAL with "PermissionDeniedByPolicy hal-storage-mount-removable-extra-options no" see [[HAL#Permission_Denied_with_automounter|''Permission Denied with automounter'']] below.
  
 
=== Locale issues ===
 
=== Locale issues ===
Line 250: Line 250:
 
                 </match>
 
                 </match>
 
         </match> <nowiki> <!-- don't forget to delete this line if you deleted the first one --></nowiki>
 
         </match> <nowiki> <!-- don't forget to delete this line if you deleted the first one --></nowiki>
into the <config> section (replace $USER with your login name). Restart dbus and hal. If you used kde you will have to restart kde as well (the device notifier won't get it otherwise and will stop responding altogether). This was taken from Gullible Jones' "So long, Arch" thread as a hotfix for exactly this type of breakage and is probably not the best fix (especially for machines with a large number of users), but it works.
+
into the <config> section. Restart dbus and hal. If you used kde you will have to restart kde as well (the device notifier won't get it otherwise and will stop responding altogether). This was taken from Gullible Jones' "So long, Arch" thread as a hotfix for exactly this type of breakage and is probably not the best fix (especially for machines with a large number of users), but it works.
  
 
==Security error==
 
==Security error==

Revision as of 12:19, 22 February 2009


Template:I18n links start Template:I18n entry Template:I18n entry Template:I18n entry Template:I18n entry Template:I18n entry Template:I18n entry Template:I18n entry Template:I18n links end

HAL (Hardware Abstraction Layer) is a daemon that allows desktop applications to readily access hardware information so that they can locate and use such hardware regardless of bus or device type. In this way a desktop GUI can present all resources to its user in a seamless and uniform manner.

HAL and hotplugging

There are a number of things involved in 'hotplugging' and HAL is only one of them. When a new device is added, e.g. a USB drive is plugged in, the following takes place (roughly):

  • The kernel becomes aware of a new device and writes it up in /sys.
  • Udev creates a device node (e.g. /dev/sdb1), and runs the drivers/modules needed.
  • The HAL daemon is notified by D-Bus and adds the device and what it can find out about it to its database.
  • The addition of the new device is broadcast by HAL over D-Bus to whatever programs are subscribing, e.g. Thunar which shows it as an icon in the shortcuts side panel, or Metacity/Nautilus which will add an icon to the desktop.
  • Another program listening may be a volume manager, such as thunar-volman or AutoFS, configured to automatically create mount points and mount certain types of drives, start Rhythmbox whenever an iPod is connected, etc.

HAL does not detect the hardware (kernel), manage the devices or the drivers (udev) or automount drives (volume managers). Its role is more akin to a communications central, providing your applications with a nice, clean interface to the devices. Problems with hotplugged devices not being properly detected, usable, or mounted should be investigated, knowing that it is a long chain and there are more components involved (see 'Troubleshooting').

Initial configuration

The HAL daemon requires the presence of the D-Bus daemon, so we need to make sure both are installed.

# pacman -S hal dbus

If desired, you may want to install pmount:

Open a terminal and type the following as root:

# pacman -S pmount

pmount lets normal users mount removable devices without the aid of sudo or editing /etc/fstab beforehand.

No matter if you choose to install pmount or not, continue with the following: Then edit the file /etc/rc.conf as root with your favorite editor and add hal to the DAEMONS array, for example:

DAEMONS=(syslog-ng hal network netfs ...)

The HAL daemon will now load at boot time. When HAL initializes it will check for the presence of D-Bus and load it automatically. If you have dbus in your list of daemons, remove it, since it can cause problems.

You can also start HAL manually by issuing the following command as root:

# /etc/rc.d/hal start

For D-Bus and HAL to be of any practical use, local user accounts should be members of the following groups: optical and storage. To achieve this, open a terminal and type the following commands as root:

# gpasswd -a username optical
# gpasswd -a username storage
Replace username with your actual username (e.g. johndoe).

For those group changes to take effect, you have to completely logout and login again.

Policies

Permissions policies

Your programs communicate with HAL controlled devices through a D-Bus interface. A number of interfaces are defined, each associated with a number of methods: The storage device interface, for example, has the methods 'eject' and 'close tray' (for optical drives). In order to 'mount' a partition on a USB key, you need access to the relevant D-Bus interface ('volume' in this case).

The configuration file /etc/dbus-1/system.d/hal.conf specifies HAL-specific privileges, i.e. what users have access to what interfaces. These are defined as exceptions to the overall restrictions imposed on using D-Bus interfaces, specified in /etc/dbus-1/system.conf. In short, you'll need to see that hal.conf grants your user the right to access specific DBUS/HAL interfaces, because the D-Bus default is not to let you access them.

The default hal.conf will contain a number of policies denying and allowing access, amongst them this default (the later of two defaults and therefore seemingly the deciding one):

<policy context="default">
  <deny send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
  <deny send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
  <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
  <deny send_interface="org.freedesktop.Hal.Device.Volume"/>
  <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>

In short, users are by default denied access to interfaces like Volume which has methods such as mount and unmount. This is overruled by policies allowing users of the groups 'power' and 'storage' to access their respective devices:

<policy group="power">
  <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
  <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
</policy>
<policy group="storage">
  <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
  <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
</policy>

Which is why you will want to add your user to those groups (see 'Initial configuration'), thus reducing the number of customized configuration files. A less elegant solution is inserting your user name into the user policy section granting access to all the HAL devices listed (replace the zero with your user name):

 <policy user="0">
   <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
   <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
   <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
   <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
   <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
 </policy>

Device specific policies

NTFS

Add the following to /etc/hal/fdi/policy/20-ntfs-config-write-policy.fdi (create the file if it doesn't exist)

Note: This config file has been tested with hal = 0.5.11 and correctly identifies/mounts (external) ntfs devices with ntfs-3g. 'mount' should display the filesystem type as 'fuseblk' if this configuration file is correctly detected.

<?xml version="1.0" encoding="UTF-8"?> 
<deviceinfo version="0.2">
   <device>
       <match key="volume.fstype" string="ntfs">
           <match key="@block.storage_device:storage.hotpluggable" bool="true">
               <merge key="volume.fstype" type="string">ntfs-3g</merge>
               <merge key="volume.policy.mount_filesystem" type="string">ntfs-3g</merge>
               <append key="volume.mount.valid_options" type="strlist">locale=</append>
           </match>
       </match>
   </device>
</deviceinfo>

PCManFM trick

If you use pcmanfm as FM, you have to tell it explicitely how to manage the ntfs-3g driver. It is not difficult, you just have to edit the config file at /usr/share/pcmanfm/mount.rules like the following:

[ntfs-3g]
# mount_options=locale=;exec
mount_options=uid=1000;gid=100;fmask=0113;dmask=0002;locale=;exec

Obviously, you can select the permission you want.

Hal 0.5.11-7 trick

After upgrade to 0.5.11-7, it is possible that user mounting of ntfs volumes via hal does not work anymore. There is a workaround in two steps:

  1. Follow the instruction in this article, section Permission Denied with automounter.
  2. Modify /usr/share/hal/fdi/policy/10osvendor/20-storage-methods.fdi as root, searching for the following point and adding the two <merge key=> lines:
<match key="volume.fstype" string="ntfs">
<match key="/org/freedesktop/Hal/devices/computer:system.kernel.name" string="Linux">
<merge key="volume.fstype" type="string">ntfs-3g</merge>
<merge key="volume.policy.mount_filesystem" type="string">ntfs-3g</merge>
<append key="volume.mount.valid_options" type="strlist">uid=</append>

Alternatively, you can downgrade to hal 0.5.11-4 via normal methods. See also this post.

mount.ntfs linking

As of hal >= 0.5.10 the above policy may not work. This is a workaround forcing HAL to use the ntfs-3g driver instead of the standard ntfs driver. Please note that this method will use the ntfs-3g driver for all NTFS drives on your system! As root create a symbolic link from mount.ntfs to mount.ntfs-3g.

Note: This should only be used as a last resort 'hack' if HAL is unable to properly recognize and mount (rw) ntfs drives.

# ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs

Possible issues using this method:

  • if mount is called with the "-i" option it doesn't work
  • possible issues with the kernel ntfs module

Mount a device to a specific mount point

To tell HAL where to mount a device you need two things:

  • $device_uuid, the uuid of the device (ls -l /dev/disk/by-uuid/ can help)
  • $device_name, the name you want to give to the device, the device will be mounted in /media/$device_name

Template:Box Note Template:Box Note

Place this into "/etc/hal/fdi/policy/20-$device_name.fdi" without forgetting to replace $device_uuid and $device_name by their values.

<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
   <device>
       <match key="volume.uuid" string="$device_uuid">
               <merge key="volume.label" type="string">$device_name</merge>
               <merge key="storage.automount_enabled_hint" type="bool">true</merge> <!-- if you want automount this should be true even if it may not be taken into account by the Desktop Environment -->
       </match>
   </device>
</deviceinfo>

If permission is denied by HAL with "PermissionDeniedByPolicy hal-storage-mount-removable-extra-options no" see Permission Denied with automounter below.

Locale issues

Template:Box Note

You may have problem with filenames containing non-latin characters. This happens because your mounthelper is not parsing the policies and locale option correctly. There is a workaround for this:

  • Remove this symlink: rm /sbin/mount.ntfs-3g
  • Replace it with a new bash script containing:
#!/bin/bash
/bin/ntfs-3g $1 "$2" -o locale=en_US.UTF-8,$4  # put your own locale here
  • Make it executable: chmod +x /sbin/mount.ntfs-3g
  • Add "NoUpgrade = sbin/mount.ntfs-3g" to /etc/pacman.conf.

Allow dmask and fmask for ntfs-3g

dmask and fmask are very useful for setting different access rights for directories and files, e.g. dmask=000,fmask=111 will make directories accessible to all, while files will stay non-executable.

    <device>
        <match key="volume.fstype" string="ntfs">
            <append key="volume.mount.valid_options" type="strlist">dmask=</append>
            <append key="volume.mount.valid_options" type="strlist">fmask=</append>
        </match>
    </device>

Auto-mount only removable media

By default HAL automounts all available partitions not mounted in /etc/fstab and create desktop icons for them. To override this behavior and automount only removable drives, just add this rule:

 <device>
   <match key="storage.hotpluggable" bool="false">
     <match key="storage.removable" bool="false">
       <merge key="storage.automount_enabled_hint" type="bool">false</merge>
     </match>
   </match>
 </device>

If you are running KDE and the device is being automounted (i.e. it comes up in Konqueror), but it is not on the desktop go to Control Center -> Desktop -> Behavior -> Device Symbols (3rd Tab) and make sure the box is checked.

If you are are running KDE 4.x and you want your removable drives automounted, then you need the plasma-devicenotifier_automount which can be found in AUR.

Edit from LeoSolaris: I tried to add this to /etc/dbus-1/system.d/hal.conf and it kept dbus from loading properly. If this still works, it is meant to be placed somewhere else. (FYI for those less experienced, if dbus fails to load properly, usb keyboards, including the ones on laptops, will cease to function entirely. Use single user mode to gain console access, then remove this piece of code if dbus fails.)

Enable the noatime mount option for removable devices

This will speed up file operations and also reduce wear on flash memory devices like USB sticks or SD cards.

 <device> 
   <match key="block.is_volume" bool="true">
     <match key="@block.storage_device:storage.hotpluggable" bool="true">
       <merge key="volume.policy.mount_option.noatime" type="bool">true</merge>
     </match>
     <match key="@block.storage_device:storage.removable" bool="true">
       <merge key="volume.policy.mount_option.noatime" type="bool">true</merge>
     </match>
   </match>
 </device>

... finally

Remember to restart the HAL-daemon for your changes to take effect immediately:

# /etc/rc.d/hal restart

Troubleshooting

An alternative approach for solving the two first issues is presented at [1]. It also helps to correct issues with powerdown and shutdown of the system.

Automounting fails with "IsCallerPrivileged failed" message

If you get a message "IsCallerPriviliged failed" and are not using KDM or GDM, use ck-launch-session to start your DE/WM.

For example with startx/KDE, this was originally in Template:Filename:

exec startkde

The new version:

exec ck-launch-session startkde

Permission Denied with automounter

If you just upgraded and suddenly your automount stopped working for non-root users with the error "PermissionDeniedByPolicy mount-removable no" or "PermissionDeniedByPolicy mount-removable-extra-options no" you can hotfix the situation by editing /etc/PolicyKit/PolicyKit.conf and paste

       <match user="$USER"> <!-- replace with your login or delete the line if you want to allow all users to manipulate devices (keep security issues in mind though) -->
               <match action="org.freedesktop.hal.storage.*">
                       <return result="yes"/>
               </match>
               <match action="hal-storage-mount-fixed-extra-options"> <!-- for internal devices mounted with extra options like a wished mount point -->
                       <return result="yes" />
               </match>
               <match action="hal-storage-mount-removable-extra-options"> <!-- for external devices mounted with extra options like a wished mount point -->
                       <return result="yes" />
               </match>
       </match>  <!-- don't forget to delete this line if you deleted the first one -->

into the <config> section. Restart dbus and hal. If you used kde you will have to restart kde as well (the device notifier won't get it otherwise and will stop responding altogether). This was taken from Gullible Jones' "So long, Arch" thread as a hotfix for exactly this type of breakage and is probably not the best fix (especially for machines with a large number of users), but it works.

Security error

If inserted CD/DVDs are recognized and an icon is placed on the desktop, but you are not able to open and explore the device, then the device is recognised by the udev system but something is preventing HAL from mounting it. If double-clicking the icon gives the error window "A security policy prevents this sender from sending this message to this recipient...", you will need to check your permissions settings (see the 'Initial configuration' and 'Permissions policies' sections).

Inserted CD/DVD doesn't get recognized by HAL

If inserted CDs/DVDs are not recognized by HAL (no icon on the desktop), check /etc/fstab and remove the lines for the optical drives.

USB sticks and drives do not automount correctly

This sub-section is sourced from this forum page.

If you are experiencing problems with automounting USB sticks and/or drives, but do not have problems with automounting CDs or DVDs, and if you are able to manually mount the USB device in question, then you should create the file "preferences.fdi" in the folder /etc/hal/fdi/policy and paste the following line into the file

<merge key="volume.ignore" type="bool">false</merge>

Also, if you have GParted installed, you might need to delete this file:

/usr/share/hal/fdi/policy/gparted-disable-automount.fdi

... as being mentioned at the end of this thread: [2]

Also you should remove from /etc/fstab lines, corresponding to usb devices which should be mounted by hal automatically.

Could not get UID and GID

If you get the following error while starting DBUS:

Failed to start message bus: Could not get UID and GID for username "dbus"

then add the user like so:

# /usr/sbin/groupadd -g 81 dbus
# /usr/sbin/useradd -c 'System message bus' -u 81 -g dbus -d '/' -s /bin/false dbus

Removing USB flash causes improper unmount

If you remove your USB flash without previously unmounting it, automatic unmount by HAL may work improperly.

You may find that corresponding records from /media/.hal-mtab is not deleted, and in nautilus device list (and also on GNOME desktop) remains link to an empty folder, where the device was previously mounted.

This may be corrected by unmounting flash drive with "lazy" parameter. To do so, you should do some tweaking:

1) Create an executable script /usr/lib/hal/hal-unmount.sh with access rights 755 and the following content

#!/bin/sh 
# sanity check. DEVNAME should start with a / 
[ "$DEVNAME" != "${DEVNAME#/}" ] || exit 0
# Lazily unmount drives which are removed, but still mounted 
if [ "$ACTION" = remove ] ; then
  if [ -x /usr/bin/pumount ] ; then
    /usr/bin/pumount -l "$DEVNAME";
  else
    /bin/umount -l "$DEVNAME";
  fi
fi
exit 0

2) Then you should tell HAL to run this script when you remove your usb stick. To do so, you should add to /etc/udev/rules.d/90-hal.rules the following line

SUBSYSTEM=="block", ACTION=="remove", RUN+="/usr/lib/hal/hal-unmount.sh"

3) Execute

# /etc/rc.d/hal restart

External links