[systemd-devel] [PATCH] Smack enabled systems need /dev special devices correctly labeled
Michael Demeter
michael.demeter at intel.com
Mon Oct 14 16:28:47 PDT 2013
- Add AC_DEFINE for HAVE_SMACK to configure.ac
- Add check for smack in Makefile.am to include smack default rules
- Add smack default rules to label /dev/xxx correctly for access
- Whitespace fixes
Signed-off-by: Michael Demeter <michael.demeter at intel.com>
---
Makefile.am | 5 +++++
configure.ac | 1 +
rules/55-udev-smack-default.rules | 20 ++++++++++++++++++++
3 files changed, 26 insertions(+)
create mode 100644 rules/55-udev-smack-default.rules
diff --git a/Makefile.am b/Makefile.am
index 6601244..f3c3baf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2271,6 +2271,11 @@ dist_udevrules_DATA += \
rules/80-net-name-slot.rules \
rules/95-udev-late.rules
+if HAVE_SMACK
+dist_udevrules_DATA += \
+ rules/55-udev-smack-default.rules
+endif
+
dist_udevhwdb_DATA = \
hwdb/20-pci-vendor-model.hwdb \
hwdb/20-pci-classes.hwdb \
diff --git a/configure.ac b/configure.ac
index 6cda8f9..e0dadec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -532,6 +532,7 @@ AS_HELP_STRING([--with-smack-run-label=STRING],
if test "x${have_smack}" = xyes ; then
AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available])
+ AM_CONDITIONAL([HAVE_SMACK], [true])
fi
# ------------------------------------------------------------------------------
diff --git a/rules/55-udev-smack-default.rules b/rules/55-udev-smack-default.rules
new file mode 100644
index 0000000..1a64a4c
--- /dev/null
+++ b/rules/55-udev-smack-default.rules
@@ -0,0 +1,20 @@
+# do not edit this file, it will be overwritten on update
+
+KERNEL=="null", SECLABEL{smack}="*"
+KERNEL=="zero", SECLABEL{smack}="*"
+KERNEL=="console", SECLABEL{smack}="*"
+KERNEL=="kmsg", SECLABEL{smack}="*"
+KERNEL=="video*", SECLABEL{smack}="*"
+KERNEL=="card*", SECLABEL{smack}="*"
+
+SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*"
+SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*"
+SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*"
+
+SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*"
+SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*"
+SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620", SECLABEL{smack}="*"
+SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty", SECLABEL{smack}="*"
+KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout", SECLABEL{smack}="*"
+
+SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640", SECLABEL{smack}="*"
--
1.8.1.2
More information about the systemd-devel
mailing list