Index: hal-0.5.13/hal.conf.in
===================================================================
--- hal-0.5.13.orig/hal.conf.in	2009-09-23 16:41:51.000000000 +0200
+++ hal-0.5.13/hal.conf.in	2009-09-23 16:41:57.000000000 +0200
@@ -25,7 +25,39 @@
            send_interface="org.freedesktop.Hal.Device"/>
     <allow send_destination="org.freedesktop.Hal"
            send_interface="org.freedesktop.Hal.Manager"/>
+  </policy>
+
+  <!-- Only allow users at the local console to manipulate devices -->
+  <policy at_console="true">
+    <allow send_destination="org.freedesktop.Hal"
+           send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.DockStation"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.KillSwitch"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.KeyboardBacklight"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.Leds"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.LightSensor"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.Storage.Removable"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.Volume"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
+    <allow send_destination="org.freedesktop.Hal"
+    	   send_interface="org.freedesktop.Hal.Device.WakeOnLan"/>
+
+  </policy>
 
+  <!-- well,...and root too -->
+  <policy user="root">
     <allow send_destination="org.freedesktop.Hal"
            send_interface="org.freedesktop.Hal.Device.CPUFreq"/>
     <allow send_destination="org.freedesktop.Hal"