Am 18.10.21 um 09:34 schrieb Joseph Carter:
I'm actually not in group video. I have simply been granted access to the /dev/video* devices by virtue of having logged in at the console. That explains why Debian doesn't have this—Debian is not trying to use ACLs for device access. I hadn't needed it for the video devices because of this in 70-uaccess.rules:# Webcams, frame grabber, TV cards SUBSYSTEM=="video4linux", TAG+="uaccess" SUBSYSTEM=="dvb", TAG+="uaccess" I've corrected that (and added myself to several other groups I can see I probably want to be in based on my "other" user on the system as well. I think the TAG+="uaccess" for SUBSYSTEM=="media" is a good idea, since I think the uaccess tag for console users is probably intended by RedHat's holy Gnoman Empire, if one is not using udev/systemd, ACLs won't get assigned and the group is necessary. I'll leave the question of closing this or considering implementing it to you and the systemd team.
As said, this is not something that should imho be addressed via downstream patch. So if you have an interest in this, please consider filing this upstream.
Joseph On Mon, Oct 18, 2021, at 00:12, Michael Biebl wrote:Control: tags -1 + upstream Hello Am 18.10.21 um 08:20 schrieb Joseph Carter:Package: udev Version: 249.5-1 Severity: normal Many webcams new use more than the standard /dev/videoN device to control them through e.g. uvcdynctrl. For example, here is my Logitech C930e, which is a pretty common example on Debian: ``` tjcarter@aki:~$ uvcdynctrl -l Listing available devices: video0 Logitech Webcam C930e Media controller device: /dev/media0 ERROR: Unable to open media controller device '/dev/media0': Permission denied (Error: 13) ERROR: Unable to list device entities: Invalid device or device cannot be opened. (Code: 5) video1 Logitech Webcam C930e Media controller device /dev/media1 doesn't exist ERROR: Unable to list device entities: Invalid device or device cannot be opened. (Code: 5) ``` Okay, I have no idea why there are two /dev/video entries there since only the first one actually is a video device. Either way, you can see that there's an error accessing /dev/media0, which is definitely provided by the camera: ``` tjcarter@aki:~$ ls -l /dev/media* crw-rw----+ 1 root video 239, 0 Oct 17 11:01 /dev/media0 tjcarter@aki:~$ cat /sys/dev/char/239\:0/model Logitech Webcam C930e ``` I should have access to this as a console user, but I don't. Searching online, I found this file, named 65-media-uaccess.rules which is supposedly part of systemd … but not on my system it isn't!Where exactly did you find this information? My online searches turn up nothing Do you have a reference? Looking at the systemd/udev git repo, it never shipped a file named 65-media-uaccess.rules afaics``` # SPDX-License-Identifier: LGPL-2.1+ # # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. ACTION=="remove", GOTO="media_uaccess_end" ENV{MAJOR}=="", GOTO="media_uaccess_end" # Newer Webcams, frame grabber, TV cards SUBSYSTEM=="media", TAG+="uaccess" LABEL="media_uaccess_end" ``` Sure enough, adding it to the system fixes the permission error: ``` tjcarter@aki:~$ uvcdynctrl -l Listing available devices: video0 Logitech Webcam C930e Media controller device: /dev/media0 Entity 1: Logitech Webcam C930e. Type: 65537, Revision: 0, Flags: 1, Group-id: 0, Pads: 1, Links: 0 Device node Entity: 1, Pad 0, Flags: 1 video1 Logitech Webcam C930e Media controller device /dev/media1 doesn't exist ERROR: Unable to list device entities: Invalid device or device cannot be opened. (Code: 5) tjcarter@aki:~$ uvcdynctrl -c Listing available controls for device video0: Brightness Contrast Saturation White Balance Temperature, Auto Gain Power Line Frequency White Balance Temperature Sharpness Backlight Compensation Exposure, Auto Exposure (Absolute) Exposure, Auto Priority Pan (Absolute) Tilt (Absolute) Focus (absolute) Focus, Auto Zoom, Absolute LED1 Mode LED1 Frequency tjcarter@aki:~$ uvcdynctrl -g "Zoom, Absolute" 100 tjcarter@aki:~$ uvcdynctrl -s "Zoom, Absolute" 150 tjcarter@aki:~$ uvcdynctrl -g "Zoom, Absolute" 150 ``` (This by the way zooms the camera in to have a tighter focus on me and less my kitchen behind me.) On some cameras (my IPEVO document camera for example) access to the associated /dev/mediaN device is required to put the camera into a mode offering (compressed) high-resolution AND high-framerate mode. The aforementioned IPEVO can do 4k at 30fps, but Cheese and OBS are unable to set that mode without access to the media controller. Is there a reason the tag for the media subsystem is not found on Debian systems? It seems currently or previously it was intended by systemd's devs that console users have access to it. Can or should it be made that way by default on Debian systems?Looking at /lib/udev/rules.d/50-udev-default.rules, I see a static group permission for those types of devices: SUBSYSTEM=="media", GROUP="video" So I assume if you are in group video, you should have access to those devices. In don't find anything in /lib/udev/rules.d/70-uaccess.rules related to those types of devices. I'm not sure, if this intentional or not. Can you please raise this upstream at https://github.com/systemd/systemd/issues/new I'm not really familiar with those types of devices to assess whether it's safe to ship such a rule which set the uaccess tag or not. And if so, it should definitely be addressed upstream not via a downstream patch/change. Regards, Michael Attachments: * OpenPGP_signature
OpenPGP_signature
Description: OpenPGP digital signature
