diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | meson.build | 2 | ||||
| -rw-r--r-- | meson_options.txt | 4 | ||||
| -rw-r--r-- | rules/50-udev-default.rules.in | 5 | ||||
| -rw-r--r-- | src/login/70-uaccess.rules | 5 | ||||
| -rw-r--r-- | sysusers.d/basic.conf.in | 1 |
6 files changed, 15 insertions, 6 deletions
@@ -14,6 +14,10 @@ CHANGES WITH 236 in spe: achieves a more correct DNS resolution by software that bypasses local DNS APIs (e.g. NSS). + * uaccess tag has been dropped from /dev/kvm and /dev/dri/renderD*. + These devices now have 0666 permsions by default. /dev/dri/renderD* + will now be owned by the render group along with /dev/kfd. + CHANGES WITH 235: * A new modprobe.d drop-in is now shipped by default that sets the diff --git a/meson.build b/meson.build index 34eed35190..e935a09374 100644 --- a/meson.build +++ b/meson.build @@ -614,6 +614,7 @@ if get_option('wheel-group') endif substs.set('DEV_KVM_MODE', get_option('dev-kvm-mode')) +substs.set('GROUP_RENDER_MODE', get_option('group-render-mode')) kill_user_processes = get_option('default-kill-user-processes') conf.set10('KILL_USER_PROCESSES', kill_user_processes) @@ -2452,6 +2453,7 @@ status = [ 'maximum system UID: @0@'.format(system_uid_max), 'maximum system GID: @0@'.format(system_gid_max), '/dev/kvm access mode: @0@'.format(get_option('dev-kvm-mode')), + 'render group access mode: @0@'.format(get_option('group-render-mode')), 'certificate root: @0@'.format(get_option('certificate-root')), 'support URL: @0@'.format(support_url), 'nobody user name: @0@'.format(get_option('nobody-user')), diff --git a/meson_options.txt b/meson_options.txt index 3de72acf95..037c298887 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -144,8 +144,10 @@ option('nobody-user', type : 'string', option('nobody-group', type : 'string', description : 'The name of the nobody group (the one with GID 65534)', value : 'nobody') -option('dev-kvm-mode', type : 'string', value : '0660', +option('dev-kvm-mode', type : 'string', value : '0666', description : '/dev/kvm access mode') +option('group-render-mode', type : 'string', value : '0666', + description : 'Access mode for devices owned by render group (e.g. /dev/dri/renderD*, /dev/kfd).') option('default-kill-user-processes', type : 'boolean', description : 'the default value for KillUserProcesses= setting') option('gshadow', type : 'boolean', diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in index d3d1c9a206..71e716913c 100644 --- a/rules/50-udev-default.rules.in +++ b/rules/50-udev-default.rules.in @@ -31,11 +31,14 @@ SUBSYSTEM=="input", KERNEL=="js[0-9]*", MODE="0664" SUBSYSTEM=="video4linux", GROUP="video" SUBSYSTEM=="graphics", GROUP="video" -SUBSYSTEM=="drm", GROUP="video" +SUBSYSTEM=="drm", KERNEL!="renderD*", GROUP="video" SUBSYSTEM=="dvb", GROUP="video" SUBSYSTEM=="media", GROUP="video" SUBSYSTEM=="cec", GROUP="video" +SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="@GROUP_RENDER_MODE@" +SUBSYSTEM=="kfd", GROUP="render", MODE="@GROUP_RENDER_MODE@" + SUBSYSTEM=="sound", GROUP="audio", \ OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer" diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules index 50dcd2e275..e946bf2380 100644 --- a/src/login/70-uaccess.rules +++ b/src/login/70-uaccess.rules @@ -43,10 +43,7 @@ SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="uaccess" SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="uaccess" # DRI video devices -SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess" - -# KVM -SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess" +SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess" # smart-card readers ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess" diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in index 7d6021e855..6c23f4216d 100644 --- a/sysusers.d/basic.conf.in +++ b/sysusers.d/basic.conf.in @@ -32,6 +32,7 @@ g lp - - - g kvm - - - g tape - - - g video - - - +g render - - - # Default group for normal users g users - - - |