[systemd-devel] Using systemd/udev acl management to open up additional /dev nodes on request

Hans de Goede hdegoede at redhat.com
Wed Sep 14 07:17:39 PDT 2011


Hi,

Currently when people want to use usbredirection to a virtual machine from
spice-client, they must launch the spice-client as root so that it can
access device nodes under /dev/bus/usb.

Since the purpose is for usbredirection to just work plug and play for
virtual machines, this needs to change.

My plan is to write a (privileged) helper program which will:
1) Check if it is invoked from a console session (using ConsoleKit
    or the new ConsoleKit equivalent functionality in systemd in F-16)
2) Poke PolicyKit asking it if it is ok for the user to get access
    to raw usb devices
3) Do something to actually open up the device to the spice-client,
    there are 2 options:
    a) relax permissions (set an acl)
    b) open the device node and hand over a fd, but since I'm using libusb
    to access the device nodes this is not really an option, leaving only a.

3) Is a part where I've some systemd/udev questions about. Currently
udev already does similar opening up of acl's for the active console
user for things like soundcards, etc. I wonder if somehow I could hook
into udev to make use of this for the usb device nodes (after having
done the policykit tests?

Thanks & Regards,

Hans


More information about the systemd-devel mailing list