[systemd-devel] Need help to debug TAG-= rule

Manuel Reimer mail+systemd at m-reimer.de
Sun May 16 11:07:30 UTC 2021


Hello systemd-devel list,


according to the changelog of udev, it should be possible to clear TAGs 
using "TAG-=" since systemd 217:

https://cgit.freedesktop.org/systemd/systemd/tree/NEWS?id=v217#n70

But either I'm completely failing with using this, or there is still a 
bug in systemd which renders this feature useless.


My distributor installs a udev rule file at 
"/usr/lib/udev/rules.d/70-steam-input.rules" which contains:

     KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", TAG+="uaccess", OPTIONS+="static_node=uinput"

(don't ask why the OPTIONS+= is duplicated but that's what my 
distributor installs)


I want to get rid of the 'TAG+="uaccess"' on my system but want to keep 
all the other rules in this file without copying and editing it after 
every update. So I created the following as 
"/etc/udev/rules.d/72-steam-security.rules":

KERNEL=="uinput", SUBSYSTEM=="misc", TAG-="uaccess"


But after rebooting my system I still have:

$ getfacl /dev/uinput
getfacl: Removing leading '/' from absolute path names
# file: dev/uinput
# owner: root
# group: root
user::rw-
user:manuel:rw-
group::---
mask::rw-
other::---

So I still get write access to the device, which I don't want to have.


I don't know at all how to dig into this. A first try was to use 
"udevadm test /devices/virtual/misc/uinput" but this doesn't even 
mention the "70-steam-input.rules" file.

I did try to just rename "70-steam-input.rules" to be sure it is 
responsible for the "uaccess" tag to be set and it is. If the file is 
renamed, then I no longer get unwanted write permissions.


Can someone please assist with finding the reason for this problem?


Thank you very much in advance


Manuel Reimer
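
A check for the symptom described in the message above, as an added example that is not part of the original post: a shell function that reads `getfacl` output and lists the named users whose ACL entry still grants effective write access once the ACL mask is applied. The function names `acl_named_writers` and `sample_acl` are hypothetical; the sample ACL is the one quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `getfacl` output on stdin and prints, one per line, every named
# user whose ACL entry grants write access that the mask does not remove.
acl_named_writers() {
    awk -F: '
        /^#/ || NF < 3 { next }              # skip header comments and blank lines
        { sub(/[ \t]*#.*/, "", $3) }         # drop a trailing "#effective:..." note
        $1 == "mask"             { mask = $3; have_mask = 1; next }
        $1 == "user" && $2 != "" { perms[$2] = $3 }   # named users only, not the owner
        END {
            # Without a mask entry nothing limits the named-user permissions.
            mask_w = have_mask ? substr(mask, 2, 1) : "w"
            for (u in perms)
                if (substr(perms[u], 2, 1) == "w" && mask_w == "w")
                    print u
        }' | sort
}

# Sample input: the ACL shown in the post for /dev/uinput.
sample_acl() {
    cat <<'EOF'
# file: dev/uinput
# owner: root
# group: root
user::rw-
user:manuel:rw-
group::---
mask::rw-
other::---
EOF
}

# Prints "manuel": the named-user entry is still present and writable.
sample_acl | acl_named_writers
```

On a live system the same function can be fed with `getfacl /dev/uinput 2>/dev/null | acl_named_writers`; empty output means no named user holds write access to the node.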
