[Pcsclite-muscle] Deny card access for one application
Florent
fdeybach
Mon Aug 3 12:29:55 PDT 2015
Hi Nikos
> You can set up access controls via polkit, but these are applied on
> users rather than applications.
>
Indeed, like you said I have to setup ACL on applications, not on users.
> > Is there a way to deny the access to one specific reader?
> > Through udev rules? Through the Info.plist XML file?
>
> I think, you are too low level to apply access controls per
> application. How are your applications using the these smart cards? If
> it is via p11-kit you can deny access to various drivers via its
> configuration.
>
I am not familiar with p11-kit but at first glance this seems to me too
high-level ;)
It works on the pkcs11 level, right? The application I use doesn't even
need pkcs11 module, it works at the PCSC/CCID level.
I don't even need to have the corresponding pkcs11 module installed on my
linux client (it's of no use) since I am redirecting a raw access to the
smacard via the application.
Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pcsclite-muscle/attachments/20150803/a8d00dc9/attachment.html>
More information about the pcsclite-muscle
mailing list