aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTom Stellard <tstellar@redhat.com>2017-10-31 08:46:24 -0700
committerTom Stellard <tstellar@redhat.com>2017-11-08 08:21:31 -0800
commit4e15a7343cb389e97f3eb4f49699161862d8b8b2 (patch)
tree486b79565c0989c3205c0cc5d8872e822a74cc20
parentudev-rules: Permission changes for /dev/kvm (diff)
downloadsystemd-4e15a7343cb389e97f3eb4f49699161862d8b8b2.tar.gz
systemd-4e15a7343cb389e97f3eb4f49699161862d8b8b2.tar.bz2
systemd-4e15a7343cb389e97f3eb4f49699161862d8b8b2.zip
udev-rules: Permission changes for /dev/dri/renderD*
- Remove the uaccess tag from /dev/dri/renderD*. - Change the owning group from video to render. - Change default mode to 0666. - Add an option to allow users to set the access mode for these devices at compile time.
-rw-r--r--meson.build2
-rw-r--r--meson_options.txt2
-rw-r--r--rules/50-udev-default.rules.in4
-rw-r--r--src/login/70-uaccess.rules2
-rw-r--r--sysusers.d/basic.conf.in1
5 files changed, 9 insertions, 2 deletions
diff --git a/meson.build b/meson.build
index 34eed3519..e935a0937 100644
--- a/meson.build
+++ b/meson.build
@@ -614,6 +614,7 @@ if get_option('wheel-group')
endif
substs.set('DEV_KVM_MODE', get_option('dev-kvm-mode'))
+substs.set('GROUP_RENDER_MODE', get_option('group-render-mode'))
kill_user_processes = get_option('default-kill-user-processes')
conf.set10('KILL_USER_PROCESSES', kill_user_processes)
@@ -2452,6 +2453,7 @@ status = [
'maximum system UID: @0@'.format(system_uid_max),
'maximum system GID: @0@'.format(system_gid_max),
'/dev/kvm access mode: @0@'.format(get_option('dev-kvm-mode')),
+ 'render group access mode: @0@'.format(get_option('group-render-mode')),
'certificate root: @0@'.format(get_option('certificate-root')),
'support URL: @0@'.format(support_url),
'nobody user name: @0@'.format(get_option('nobody-user')),
diff --git a/meson_options.txt b/meson_options.txt
index 50f24df1b..037c29888 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -146,6 +146,8 @@ option('nobody-group', type : 'string',
value : 'nobody')
option('dev-kvm-mode', type : 'string', value : '0666',
description : '/dev/kvm access mode')
+option('group-render-mode', type : 'string', value : '0666',
+ description : 'Access mode for devices owned by render group (e.g. /dev/dri/renderD*, /dev/kfd).')
option('default-kill-user-processes', type : 'boolean',
description : 'the default value for KillUserProcesses= setting')
option('gshadow', type : 'boolean',
diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
index d3d1c9a20..b17d3cf87 100644
--- a/rules/50-udev-default.rules.in
+++ b/rules/50-udev-default.rules.in
@@ -31,11 +31,13 @@ SUBSYSTEM=="input", KERNEL=="js[0-9]*", MODE="0664"
SUBSYSTEM=="video4linux", GROUP="video"
SUBSYSTEM=="graphics", GROUP="video"
-SUBSYSTEM=="drm", GROUP="video"
+SUBSYSTEM=="drm", KERNEL!="renderD*", GROUP="video"
SUBSYSTEM=="dvb", GROUP="video"
SUBSYSTEM=="media", GROUP="video"
SUBSYSTEM=="cec", GROUP="video"
+SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="@GROUP_RENDER_MODE@"
+
SUBSYSTEM=="sound", GROUP="audio", \
OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules
index 9e9dbae0e..e946bf238 100644
--- a/src/login/70-uaccess.rules
+++ b/src/login/70-uaccess.rules
@@ -43,7 +43,7 @@ SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="uaccess"
SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="uaccess"
# DRI video devices
-SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess"
+SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess"
# smart-card readers
ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess"
diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in
index 7d6021e85..6c23f4216 100644
--- a/sysusers.d/basic.conf.in
+++ b/sysusers.d/basic.conf.in
@@ -32,6 +32,7 @@ g lp - - -
g kvm - - -
g tape - - -
g video - - -
+g render - - -
# Default group for normal users
g users - - -