[systemd-devel] Need help to debug TAG-= rule
Manuel Reimer
mail+systemd at m-reimer.de
Sun May 16 11:07:30 UTC 2021
Hello systemd-devel list,
according to the changelog of udev, it should be possible to clear TAGs
using "TAG-=" since systemd 217:
https://cgit.freedesktop.org/systemd/systemd/tree/NEWS?id=v217#n70
But either I'm completely failing with using this, or there is still a
bug in systemd which renders this feature useless.
My distributor installs a udev rule file at
"/usr/lib/udev/rules.d/70-steam-input.rules" which contains:
KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess", OPTIONS+="static_node=uinput"
(don't ask why the OPTIONS+= is duplicated but that's what my
distributor installs)
I want to get rid of the 'TAG+="uaccess"' on my system but want to keep
all the other rules in this file without copying and editing it after
every update. So I created the following as
"/etc/udev/rules.d/72-steam-security.rules":
KERNEL=="uinput", SUBSYSTEM=="misc", TAG-="uaccess"
But after rebooting my system I still have:
$ getfacl /dev/uinput
getfacl: Removing leading '/' from absolute path names
# file: dev/uinput
# owner: root
# group: root
user::rw-
user:manuel:rw-
group::---
mask::rw-
other::---
So I still get write access to the device, which I don't want to have.
I don't know at all how to dig into this. A first try was to use
"udevadm test /devices/virtual/misc/uinput" but this doesn't even
mention the "70-steam-input.rules" file.
I did try to just rename "70-steam-input.rules" to be sure it is
responsible for the "uaccess" tag to be set and it is. If the file is
renamed, then I no longer get unwanted write permissions.
Can someone please assist with finding the reason for this problem?
Thank you very much in advance
Manuel Reimer
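
A check for the symptom shown in the post, as an added example that is not part of the original message: it parses getfacl output and reports named user or group entries whose effective permissions (entry bits ANDed with the mask) include write. The function name and the embedded sample, copied from the output quoted above, are constructed for this illustration.

```python
import subprocess
import sys

# Constructed sample: the getfacl output quoted in the post above.
SAMPLE = """\
# file: dev/uinput
# owner: root
# group: root
user::rw-
user:manuel:rw-
group::---
mask::rw-
other::---
"""


def named_writers(getfacl_text):
    """Return [(kind, name)] for named ACL entries with effective write access.

    Effective rights of a named user/group entry are its own permission
    bits ANDed with the mask entry, so both must contain 'w'.
    """
    named, mask = [], "rwx"  # no mask line means nothing is masked off
    for raw in getfacl_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop headers and "#effective:" notes
        parts = line.split(":")
        if len(parts) != 3:  # blank lines, headers, and "default:" entries
            continue
        kind, name, perms = parts
        if kind == "mask":
            mask = perms
        elif kind in ("user", "group") and name:  # owner/group-owner have no name
            named.append((kind, name, perms))
    return [(k, n) for k, n, p in named if "w" in p and "w" in mask]


if __name__ == "__main__":
    # With a path argument, inspect the live node; otherwise use the sample.
    if len(sys.argv) > 1:
        text = subprocess.run(["getfacl", "--", sys.argv[1]], check=True,
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE
    hits = named_writers(text)
    for kind, name in hits:
        print(f"{kind} {name} has effective write access")
    sys.exit(1 if hits else 0)
```

Run with a device path such as /dev/uinput after a reboot or rule change; a non-zero exit status means a named ACL entry still grants write access.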