From: Michael Biebl Date: Fri, 13 Jul 2018 21:36:13 +0000 (+0200) Subject: Do not apply uaccess tag for /dev/kvm if mode is 0666 X-Git-Tag: archive/raspbian/239-15+rpi1^2~46 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=35f737f723ec4a83e37bdd01f9e37b4c2964adde;p=systemd.git Do not apply uaccess tag for /dev/kvm if mode is 0666 (cherry picked from commit ace5e3111c0b8d8bfd84b32f2c689b0a4d92c061) Gbp-Pq: Name Do-not-apply-uaccess-tag-for-dev-kvm-if-mode-is-0666.patch --- diff --git a/meson.build b/meson.build index 04331dd4..dd21f50f 100644 --- a/meson.build +++ b/meson.build @@ -741,7 +741,9 @@ substs.set('USERS_GID', users_gid) conf.set10('ENABLE_ADM_GROUP', get_option('adm-group')) conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group')) -substs.set('DEV_KVM_MODE', get_option('dev-kvm-mode')) +dev_kvm_mode = get_option('dev-kvm-mode') +substs.set('DEV_KVM_MODE', dev_kvm_mode) +conf.set10('DEV_KVM_UACCESS', dev_kvm_mode != '0666') substs.set('GROUP_RENDER_MODE', get_option('group-render-mode')) kill_user_processes = get_option('default-kill-user-processes') diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules deleted file mode 100644 index 6feb9572..00000000 --- a/src/login/70-uaccess.rules +++ /dev/null @@ -1,83 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1+ -# -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -ACTION=="remove", GOTO="uaccess_end" -ENV{MAJOR}=="", GOTO="uaccess_end" - -# PTP/MTP protocol devices, cameras, portable media players -SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="uaccess" - -# Digicams with proprietary protocol -ENV{ID_GPHOTO2}=="?*", TAG+="uaccess" - -# SCSI and USB scanners -ENV{libsane_matched}=="yes", TAG+="uaccess" - -# HPLIP devices (necessary for ink level check and HP tool maintenance) -ENV{ID_HPLIP}=="1", TAG+="uaccess" - -# optical drives -SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="uaccess" -SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="uaccess" - -# Sound devices -SUBSYSTEM=="sound", TAG+="uaccess", \ - OPTIONS+="static_node=snd/timer", OPTIONS+="static_node=snd/seq" - -# ffado is an userspace driver for firewire sound cards -SUBSYSTEM=="firewire", ENV{ID_FFADO}=="1", TAG+="uaccess" - -# Webcams, frame grabber, TV cards -SUBSYSTEM=="video4linux", TAG+="uaccess" -SUBSYSTEM=="dvb", TAG+="uaccess" - -# IIDC devices: industrial cameras and some webcams -SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010*", TAG+="uaccess" -SUBSYSTEM=="firewire", ATTR{units}=="*0x00b09d:0x00010*", TAG+="uaccess" -# AV/C devices: camcorders, set-top boxes, TV sets, audio devices, and more -SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="uaccess" -SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="uaccess" - -# DRI video devices -SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess" - -# KVM -SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess" - -# smart-card readers -ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess" - -# (USB) authentication devices -ENV{ID_SECURITY_TOKEN}=="?*", TAG+="uaccess" - -# PDA devices -ENV{ID_PDA}=="?*", TAG+="uaccess" - -# Programmable remote control -ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess" - -# joysticks -SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="uaccess" - -# color measurement devices -ENV{COLOR_MEASUREMENT_DEVICE}=="?*", TAG+="uaccess" - -# DDC/CI device, usually high-end monitors such as the DreamColor -ENV{DDC_DEVICE}=="?*", TAG+="uaccess" - -# media player raw devices (for user-mode drivers, Android SDK, etc.) -SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" - -# software-defined radio communication devices -ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess" - -# 3D printers, CNC machines, laser cutters, 3D scanners, etc. -ENV{ID_MAKER_TOOL}=="?*", TAG+="uaccess" - -LABEL="uaccess_end" diff --git a/src/login/70-uaccess.rules.m4 b/src/login/70-uaccess.rules.m4 new file mode 100644 index 00000000..d55e5bf5 --- /dev/null +++ b/src/login/70-uaccess.rules.m4 @@ -0,0 +1,84 @@ +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +ACTION=="remove", GOTO="uaccess_end" +ENV{MAJOR}=="", GOTO="uaccess_end" + +# PTP/MTP protocol devices, cameras, portable media players +SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="uaccess" + +# Digicams with proprietary protocol +ENV{ID_GPHOTO2}=="?*", TAG+="uaccess" + +# SCSI and USB scanners +ENV{libsane_matched}=="yes", TAG+="uaccess" + +# HPLIP devices (necessary for ink level check and HP tool maintenance) +ENV{ID_HPLIP}=="1", TAG+="uaccess" + +# optical drives +SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="uaccess" +SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="uaccess" + +# Sound devices +SUBSYSTEM=="sound", TAG+="uaccess", \ + OPTIONS+="static_node=snd/timer", OPTIONS+="static_node=snd/seq" + +# ffado is an userspace driver for firewire sound cards +SUBSYSTEM=="firewire", ENV{ID_FFADO}=="1", TAG+="uaccess" + +# Webcams, frame grabber, TV cards +SUBSYSTEM=="video4linux", TAG+="uaccess" +SUBSYSTEM=="dvb", TAG+="uaccess" + +# IIDC devices: industrial cameras and some webcams +SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010*", TAG+="uaccess" +SUBSYSTEM=="firewire", ATTR{units}=="*0x00b09d:0x00010*", TAG+="uaccess" +# AV/C devices: camcorders, set-top boxes, TV sets, audio devices, and more +SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="uaccess" +SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="uaccess" + +# DRI video devices +SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess" +m4_ifdef(`DEV_KVM_UACCESS',`` +# KVM +SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess"'' +)m4_dnl + +# smart-card readers +ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess" + +# (USB) authentication devices +ENV{ID_SECURITY_TOKEN}=="?*", TAG+="uaccess" + +# PDA devices +ENV{ID_PDA}=="?*", TAG+="uaccess" + +# Programmable remote control +ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess" + +# joysticks +SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="uaccess" + +# color measurement devices +ENV{COLOR_MEASUREMENT_DEVICE}=="?*", TAG+="uaccess" + +# DDC/CI device, usually high-end monitors such as the DreamColor +ENV{DDC_DEVICE}=="?*", TAG+="uaccess" + +# media player raw devices (for user-mode drivers, Android SDK, etc.) +SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess" + +# software-defined radio communication devices +ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess" + +# 3D printers, CNC machines, laser cutters, 3D scanners, etc. +ENV{ID_MAKER_TOOL}=="?*", TAG+="uaccess" + +LABEL="uaccess_end" diff --git a/src/login/meson.build b/src/login/meson.build index 4326a452..0e1ed18f 100644 --- a/src/login/meson.build +++ b/src/login/meson.build @@ -81,10 +81,6 @@ if conf.get('ENABLE_LOGIND') == 1 install_data('70-power-switch.rules', install_dir : udevrulesdir) - if conf.get('HAVE_ACL') == 1 - install_data('70-uaccess.rules', install_dir : udevrulesdir) - endif - seat_rules = configure_file( input : '71-seat.rules.in', output : '71-seat.rules', @@ -92,6 +88,15 @@ if conf.get('ENABLE_LOGIND') == 1 install_data(seat_rules, install_dir : udevrulesdir) + custom_target( + '70-uaccess.rules', + input : '70-uaccess.rules.m4', + output: '70-uaccess.rules', + command : [meson_apply_m4, config_h, '@INPUT@'], + capture : true, + install : conf.get('HAVE_ACL') == 1, + install_dir : udevrulesdir) + custom_target( '73-seat-late.rules', input : '73-seat-late.rules.m4',