author | Tom Stellard <tstellar@redhat.com> | 2017-10-31 08:46:24 -0700 |
---|---|---|
committer | Tom Stellard <tstellar@redhat.com> | 2017-11-08 08:21:31 -0800 |
commit | 4e15a7343cb389e97f3eb4f49699161862d8b8b2 (patch) | |
tree | 486b79565c0989c3205c0cc5d8872e822a74cc20 | |
parent | udev-rules: Permission changes for /dev/kvm (diff) | |
download | systemd-4e15a7343cb389e97f3eb4f49699161862d8b8b2.tar.gz systemd-4e15a7343cb389e97f3eb4f49699161862d8b8b2.tar.bz2 systemd-4e15a7343cb389e97f3eb4f49699161862d8b8b2.zip |
udev-rules: Permission changes for /dev/dri/renderD*
- Remove the uaccess tag from /dev/dri/renderD*.
- Change the owning group from video to render.
- Change default mode to 0666.
- Add an option to allow users to set the access mode for these devices at
compile time.
-rw-r--r-- | meson.build | 2 | ||||
-rw-r--r-- | meson_options.txt | 2 | ||||
-rw-r--r-- | rules/50-udev-default.rules.in | 4 | ||||
-rw-r--r-- | src/login/70-uaccess.rules | 2 | ||||
-rw-r--r-- | sysusers.d/basic.conf.in | 1 |
5 files changed, 9 insertions, 2 deletions
diff --git a/meson.build b/meson.build
index 34eed3519..e935a0937 100644
--- a/meson.build
+++ b/meson.build
@@ -614,6 +614,7 @@ if get_option('wheel-group')
 endif
 substs.set('DEV_KVM_MODE', get_option('dev-kvm-mode'))
+substs.set('GROUP_RENDER_MODE', get_option('group-render-mode'))
 kill_user_processes = get_option('default-kill-user-processes')
 conf.set10('KILL_USER_PROCESSES', kill_user_processes)
@@ -2452,6 +2453,7 @@ status = [
 'maximum system UID: @0@'.format(system_uid_max),
 'maximum system GID: @0@'.format(system_gid_max),
 '/dev/kvm access mode: @0@'.format(get_option('dev-kvm-mode')),
+ 'render group access mode: @0@'.format(get_option('group-render-mode')),
 'certificate root: @0@'.format(get_option('certificate-root')),
 'support URL: @0@'.format(support_url),
 'nobody user name: @0@'.format(get_option('nobody-user')),
diff --git a/meson_options.txt b/meson_options.txt
index 50f24df1b..037c29888 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -146,6 +146,8 @@ option('nobody-group', type : 'string', value : 'nobody')
 option('dev-kvm-mode', type : 'string', value : '0666',
 description : '/dev/kvm access mode')
+option('group-render-mode', type : 'string', value : '0666',
+ description : 'Access mode for devices owned by render group (e.g. /dev/dri/renderD*, /dev/kfd).')
 option('default-kill-user-processes', type : 'boolean',
 description : 'the default value for KillUserProcesses= setting')
 option('gshadow', type : 'boolean',
diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
index d3d1c9a20..b17d3cf87 100644
--- a/rules/50-udev-default.rules.in
+++ b/rules/50-udev-default.rules.in
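Review bot: The description of `group-render-mode` in meson_options.txt names `/dev/kfd`, but the only consumer of `@GROUP_RENDER_MODE@` visible in this commit is the rule matching `SUBSYSTEM=="drm", KERNEL=="renderD*"`, so as far as these hunks show the option has no effect on `/dev/kfd`; the text should drop that example or say the rule lives elsewhere. The default `0666` makes render nodes readable and writable by every local account, so the new `render` group only has an effect when a builder picks a stricter value, and the description would help packagers if it said so, e.g. `description : 'Access mode for /dev/dri/renderD* (0666 = any local account, 0660 = render group members only)'`. The value is a free-form string substituted verbatim into `MODE="..."`, so a configure-time check in meson.build that it looks like an octal mode would catch typos before they reach an installed rules file; the same applies to `dev-kvm-mode` in the context lines.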
@@ -31,11 +31,13 @@ SUBSYSTEM=="input", KERNEL=="js[0-9]*", MODE="0664"
 SUBSYSTEM=="video4linux", GROUP="video"
 SUBSYSTEM=="graphics", GROUP="video"
-SUBSYSTEM=="drm", GROUP="video"
+SUBSYSTEM=="drm", KERNEL!="renderD*", GROUP="video"
 SUBSYSTEM=="dvb", GROUP="video"
 SUBSYSTEM=="media", GROUP="video"
 SUBSYSTEM=="cec", GROUP="video"
+SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="@GROUP_RENDER_MODE@"
+
 SUBSYSTEM=="sound", GROUP="audio", \
 OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules
index 9e9dbae0e..e946bf238 100644
--- a/src/login/70-uaccess.rules
+++ b/src/login/70-uaccess.rules
@@ -43,7 +43,7 @@ SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="uaccess"
 SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="uaccess"
 # DRI video devices
-SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess"
+SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess"
 # smart-card readers
 ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess"
diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in
index 7d6021e85..6c23f4216 100644
--- a/sysusers.d/basic.conf.in
+++ b/sysusers.d/basic.conf.in
@@ -32,6 +32,7 @@ g lp - - -
 g kvm - - -
 g tape - - -
 g video - - -
+g render - - -
 # Default group for normal users
 g users - - - |
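Review bot: The new `renderD*` rule in 50-udev-default.rules.in has no comment explaining why render nodes get their own group and a build-time mode while `card*` keeps `GROUP="video"` and the `uaccess` tag. Combined with the 70-uaccess.rules hunk, which drops `renderD*` from the `uaccess` match, access to render nodes no longer follows the active login session: with the default mode it is open to every local account, and with a stricter build setting such as 0660 a logged-in user outside the `render` group gets no access at all. I would put a comment above the rule, e.g. `# Render nodes: access is by mode/group only, no uaccess ACL; mode is set at build time with -Dgroup-render-mode`, and a matching line under `# DRI video devices` in 70-uaccess.rules. Placing the two `drm` rules next to each other would also make the `KERNEL!="renderD*"` / `KERNEL=="renderD*"` split easier to audit.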