On Tue, Apr 30, 2013 at 9:16 PM, Alex Williamson <[email protected]> wrote:
> The /dev/vfio/vfio device file is intended to be an unprivileged
> interface.

If that is common, and not subject to system policy, the kernel driver
should request that right away, and better not rely on udev rules to
adjust that.

Like it is done here:
  http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/tty/tty_io.c#n3494

New stuff should go into udev only if it is subject of necessary
"configurability" or if the kernel has more use cases which should not
work that way, and therefore the kernel cannot carry out the policy on
its own.

> Only by attaching it to a group (/dev/vfio/$GROUP) does
> it allow privileged access. The group is therefore used to grant
> access and /dev/vfio/vfio can be used by anyone. Update the udev
> rules to provide this.

> +SUBSYSTEM=="vfio", KERNEL=="vfio", MODE="0666"
> +SUBSYSTEM=="vfio", KERNEL=="vfio", TAG+="uaccess"

Hmm, I don't understand, 0666 is open to anybody, all the time. What
would an additional ACL do here?

Kay
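
Review bot: The second added rule, TAG+="uaccess", grants nothing beyond the first rule's MODE="0666" on the same SUBSYSTEM=="vfio", KERNEL=="vfio" match: a node that is world read/write is already open to every user, so the per-session ACL that uaccess applies cannot widen access any further. Keep only the MODE="0666" line and drop the uaccess line. Since the quoted description says /dev/vfio/vfio "can be used by anyone" unconditionally, the commit message should also state why this mode is set through a udev rule rather than by the driver when it creates the node.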
