[systemd-devel] logind device access weird behavior
serenissi
serenissi at inventati.org
Tue Apr 1 14:21:15 UTC 2025
I noticed a phenomenon with logind-managed devices (DRM node). I have
two users, localuser and testuser; the former has a session in seat0
(this is important). I attached DRM card1 to a new seat `seat1` and set
777 permissions on the dev node /dev/dri/card1. Now the ACL looks like

# file: dev/dri/card1
# owner: root
# group: video
user::rwx
group::---
mask::rwx
other::rwx

as expected. Now if I do from a localuser shell: sudo -u testuser cat
/dev/dri/card1, the device opens as expected. However, doing so as
localuser results in permission denied.

But if I add another ACL entry with setfacl -m u:localuser:rw
/dev/dri/card1, cat /dev/dri/card1 suddenly works as expected. In this
case the ACL is

# file: dev/dri/card1
# owner: root
# group: video
user::rwx
user:localuser:rw-
group::---
mask::rw-
other::rwx

Here the `other` entry makes the `user:localuser` entry pointless in
common sense, which is not the case.

My hunch is eBPF, but I couldn't find where this logic is defined in
the systemd tree. Could anyone here help me with that?

~ serene
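
As an added example (not part of the original post and not systemd code): a small Python model of the access-check order documented in acl(5), run against the two ACLs quoted above. The group memberships passed to `check` are assumptions, since the post does not state them, and the model says nothing about logind or eBPF.

```python
# Added example: the acl(5) access-check order, run on the two ACLs from the post.
# Group memberships are ASSUMED; root's CAP_DAC_OVERRIDE is not modelled.
from dataclasses import dataclass, field

def bits(perm):
    """'rw-' -> {'r', 'w'}"""
    return set(perm) - {"-"}

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: str
    group_obj: str
    other: str
    mask: str = "rwx"                            # no mask entry == nothing masked
    users: dict = field(default_factory=dict)    # named user entries
    groups: dict = field(default_factory=dict)   # named group entries

def check(acl, user, user_groups, want):
    """Return (granted, deciding_entry) for one access request."""
    want, mask = bits(want), bits(acl.mask)
    if user == acl.owner:                        # 1. owner: user:: entry, unmasked
        return want <= bits(acl.user_obj), "user::"
    if user in acl.users:                        # 2. named user entry, masked
        return want <= (bits(acl.users[user]) & mask), f"user:{user}"
    matched = [("group::", acl.group_obj)] if acl.group in user_groups else []
    matched += [(f"group:{g}", p) for g, p in acl.groups.items() if g in user_groups]
    if matched:                                  # 3. group class: any match decides,
        for name, perm in matched:               #    other:: is never consulted
            if want <= (bits(perm) & mask):
                return True, name
        return False, matched[0][0]
    return want <= bits(acl.other), "other::"    # 4. everyone else

# The two ACLs exactly as printed in the post.
BEFORE = Acl(owner="root", group="video", user_obj="rwx", group_obj="---",
             other="rwx", mask="rwx")
AFTER = Acl(owner="root", group="video", user_obj="rwx", group_obj="---",
            other="rwx", mask="rw-", users={"localuser": "rw-"})

if __name__ == "__main__":
    cases = [("BEFORE", BEFORE, "testuser", set()),          # assumed: not in video
             ("BEFORE", BEFORE, "localuser", {"video"}),     # assumed: in video
             ("AFTER", AFTER, "localuser", {"video"})]
    for label, acl, user, groups in cases:
        print(label, user, sorted(groups), check(acl, user, groups, "r"))
```

Comparing `id localuser` and `id testuser` against the owning group shown by getfacl tells you which of the four steps decides on a real system.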