[systemd-devel] [PATCH] udev/rules: Add default user access and permissions for vfio
Alex Williamson
alex.williamson at redhat.com
Tue Apr 30 14:09:53 PDT 2013
On Tue, 2013-04-30 at 22:44 +0200, Kay Sievers wrote:
> On Tue, Apr 30, 2013 at 9:16 PM, Alex Williamson
> <alex.williamson at redhat.com> wrote:
> > The /dev/vfio/vfio device file is intended to be an unprivileged
> > interface.
>
> If that is common, and not subject to system policy, the kernel driver
> should request that right away, and better not rely on udev rules to
> adjust that. Like it is done here:
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/tty/tty_io.c#n3494
>
> New stuff should go into udev only if it is subject of necessary
> "configurability" or if the kernel has more use cases which should not
> work that way, and therefore the kernel cannot carry out the policy on
> its own.

Oh, I didn't notice I had control here. Thanks, I'll fix it in the
kernel!

Alex

> > Only by attaching it to a group (/dev/vfio/$GROUP) does
> > it allow privileged access. The group is therefore used to grant
> > access and /dev/vfio/vfio can be used by anyone. Update the udev
> > rules to provide this.
>
> > +SUBSYSTEM=="vfio", KERNEL=="vfio", MODE="0666"
>
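Review bot: MODE="0666" on the KERNEL=="vfio" rule carries no comment saying why a world-writable node is acceptable. The commit message gives the reason (/dev/vfio/vfio is the unprivileged interface, and privileged access only comes through /dev/vfio/$GROUP), so a one-line comment above the rule stating that, and that the match is meant to cover only the vfio node and not the group nodes, would keep a later edit from widening it.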
> > +SUBSYSTEM=="vfio", KERNEL=="vfio", TAG+="uaccess"
>
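Review bot: TAG+="uaccess" is applied to the same SUBSYSTEM=="vfio", KERNEL=="vfio" device that the other added rule already sets to MODE="0666", so the ACL it adds for the logged-in user grants nothing beyond the mode. Keep one of the two: the mode if the node is meant for everyone, as the commit message says, or the tag alone if access should be limited to the user of the active session.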
> Hmm, I don't understand, 0666 is open to anybody, all the time. What
> would an additional ACL do here?
>
> Kay