[systemd-devel] logind: support of shared devices

[David Herrmann]

Hi

On Mon, Jan 5, 2015 at 10:07 AM, Oleg Samarin <osamarin68 at gmail.com> wrote:
> Hello!
>
> The default systemd behavior is to grant/revoke access on devices
> attached to a seat when the user activates/deactivates a session on the
> seat.
>
> But sometimes it needs the user has an access to some device when he/she
> activates a session with ANY seat.
>
> For example, I have two seats:
> seat0 with ordinary monitor/keyboard/mouse/usb hub/usb sound card and
> seat1 that is using as a music workstation: it has some midi keyboards
> and sound cards connected. Usually I run midi applications on seat1, but
> sometimes I run them on seat1. All midi applications require the access
> to /dev/snd/seq kernel device. So it should be granted when a user
> activates a session on any seat.
>
> My approach to make this is to introduce a special UDEV tag 'shared'
> that tells logind that this device is attached to all seats and logind
> has to grant access to all sessions on all seats
>
> I've made a patch to systemd/logind that processes the 'shared' tag.
>
> After adding the simple udev rule:
>
> ----------------------------------------------
> KERNEL=="seq", SUBSYSTEM=="sound", TAG+="shared"
> ----------------------------------------------
>
> /dev/snd/seq becomes accessible from all seats.
>
> Could you resolve this patch upstream or propose another way of granting
> access to /dev/snd/seq on activating sessions?

Why not remove the "uaccess" TAG from the device and set your own
permissions? Like:

TAG-="uaccess", MODE=whatever, GROUP=something

This way, logind will never touch the device and your statically set
access-rules will be applied. If you now set the group to your
user-group, only your user will have access to the device, regardless
of the seat it's on.

Thanks
David