On Sat, Mar 23, 2013 at 1:57 PM, Kay Sievers <[email protected]> wrote:
> On Sat, Mar 23, 2013 at 12:16 AM, Lennart Poettering
> <[email protected]> wrote:
>> On Tue, 19.03.13 17:36, Ludwig Nussel ([email protected]) wrote:
>>
>>> useful to get ACLs on files, sockets etc not known to udev
>>
>> Can't say I like this one. Sounds like an awful lot of code to me to
>> support evil closed source drivers.
>>
>> Kay, what do you say?
>>
>> If we could find a simpler way (for example, a list setting in
>> logind.conf) and emphasize that this is for any file, for example
>> sockets/fifos, this might be more palatable to me, but I still don't
>> like it.
>
> If possible, I would avoid another setting.
>
> We should rather look into making the "dead" device nodes exported by
> the kernel in:
>   /lib/modules/$(uname -r)/modules.devname
> work with ACLs.
>
> This does not only solve the problems with proprietary modules, they
> would just ship their device node info in the module itself. But would
> also apply the ACL to things like:
>   /dev/snd/seq
> where ordinary users cannot trigger the on-demand module-load. The ACL
> will only be applied after the module is loaded.
>
> It's all not that trivial, but solvable I guess. The config for the
> ACLs and the permissions is stored in udev rules, and we would need to
> export that somehow to the uaccess code.

This seems to apply the ACL to /dev/snd/seq:
  http://people.freedesktop.org/~kay/0001-udev-export-dead-device-nodes-to-run-udev-devnode-ua.patch

Kay
