(In reply to comment #9)
> (In reply to comment #8)
> > Kay, what do you think about changing the defaults in the kernel so distros
> > won't have to do the thing suggested in comment 2 at boot time?
>
> I think the kernel defaults should lock all used drives by default, and should
> not be touched at bootup, and thhings like liveCD rootfs and similar setups
> should not be unlocked by a global default setting.
>
> I think we might want to unlock individual drives though, if our own services
> have applied the policy and mounted a media. I expect:
> ioctl(fd, CDROM_LOCKDOOR, 0);
> would unlock only the single drive we are currently handling, and would not
> touch other drives, or drives which have media which is mounted manually or by
> a system-wide configuration.
(In reply to comment #9)
> (In reply to comment #8)
> > Kay, what do you think about changing the defaults in the kernel so distros
> > won't have to do the thing suggested in comment 2 at boot time?
>
> I think the kernel defaults should lock all used drives by default, and should
> not be touched at bootup, and thhings like liveCD rootfs and similar setups
> should not be unlocked by a global default setting.
>
> I think we might want to unlock individual drives though, if our own services
> have applied the policy and mounted a media. I expect:
> ioctl(fd, CDROM_LOCKDOOR, 0);
> would unlock only the single drive we are currently handling, and would not
> touch other drives, or drives which have media which is mounted manually or by
> a system-wide configuration.
Sounds good to me.