[systemd-devel] [PATCH] udev/rules: Add default user access and permissions for vfio
Alex Williamson
alex.williamson at redhat.com
Tue Apr 30 12:16:43 PDT 2013
The /dev/vfio/vfio device file is intended to be an unprivileged
interface. Only by attaching it to a group (/dev/vfio/$GROUP) does
it allow privileged access. The group is therefore used to grant
access and /dev/vfio/vfio can be used by anyone. Update the udev
rules to provide this.
Signed-off-by: Alex Williamson <alex.williamson at redhat.com>
---
rules/50-udev-default.rules | 2 ++
src/login/70-uaccess.rules | 3 +++
2 files changed, 5 insertions(+)
diff --git a/rules/50-udev-default.rules b/rules/50-udev-default.rules
index f764789..a5b6492 100644
--- a/rules/50-udev-default.rules
+++ b/rules/50-udev-default.rules
@@ -68,4 +68,6 @@ KERNEL=="tun", MODE="0666", OPTIONS+="static_node=net/tun"
KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse"
+SUBSYSTEM=="vfio", KERNEL=="vfio", MODE="0666"
+
LABEL="default_permissions_end"
diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules
index a118f8e..a6f5507 100644
--- a/src/login/70-uaccess.rules
+++ b/src/login/70-uaccess.rules
@@ -71,4 +71,7 @@ ENV{DDC_DEVICE}=="*?", TAG+="uaccess"
# media player raw devices (for user-mode drivers, Android SDK, etc.)
SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess"
+# VFIO
+SUBSYSTEM=="vfio", KERNEL=="vfio", TAG+="uaccess"
+
LABEL="uaccess_end"
More information about the systemd-devel
mailing list