Package: udev
Version: 0.054-3
Followup-For: Bug #300435

With regard to /dev/.static/dev having 0700 permissions and therefore
breaking df and similar tools: I don't think it is acceptable for this
to happen. It is also, of course, not acceptable to have a security
risk with the static /dev being user accessible. I would therefore like
to suggest something that seems to fix things, although it might be
rather, um, ugly.

At startup, chmod the static /dev to be 0755. This will ensure it works
correctly even if udev isn't started later on. Then, instead of
bind-mounting the static /dev, bind-mount / and chmod the static dev to
0700. This way, the mounted directory is user-accessible (df works),
but access to the static /dev is limited.

This won't work with a read-only root, and might cause all sorts of
problems with security monitors and such, but those could be trained to
allow it. It would be nice to have kernel magic to do the permission
mangling without actually touching the filesystem, but I don't think
that is currently possible (that is, it would require kernel patching).
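The three steps above, written out as a shell script. This is an added example, not the reporter's script and not the Debian udev package's init code; it assumes the mount point is /dev/.static (the directory name used in the bug title), that the on-disk /dev is reachable as /dev/.static/dev once / is bind-mounted there, that GNU stat is available, and that the apply step runs as root. The check function is the part worth keeping: it confirms the outcome the proposal aims for (mount point traversable, static /dev owner-only) on any directory tree, so it can be tested without root.

```shell
#!/bin/sh
# Added example (not the reporter's or the udev package's own code).
# Assumed: STATIC_ROOT is where / gets bind-mounted; the static /dev is
# then visible as "$STATIC_ROOT/dev". Requires GNU stat for mode_of.
set -eu

STATIC_ROOT="${STATIC_ROOT:-/dev/.static}"

# Permission bits of a path as octal digits, e.g. 755 (GNU stat -c '%a').
mode_of() {
    stat -c '%a' "$1"
}

# Step 1, run early in the boot before udev: make the on-disk /dev
# traversable so the system still works from the static nodes if udev
# never starts. At this point the static /dev is simply /dev.
open_static_dev() {
    chmod 0755 /dev
}

# Steps 2 and 3, run by the udev init script after tmpfs is on /dev:
# bind-mount / (not the static /dev) and then lock down the static /dev
# underneath it. The mount point shows the 0755 of /, so df can stat it
# as an unprivileged user, while the device nodes sit in a 0700 directory.
apply_workaround() {
    mkdir -p "$STATIC_ROOT"
    mount --bind / "$STATIC_ROOT"
    chmod 0700 "$STATIC_ROOT/dev"
}

# Verify the layout on any tree rooted at $1: the mount point must be
# world-traversable (755) and the static dev directory owner-only (700).
# Returns 0 when both hold, 1 otherwise.
check_layout() {
    _root="$1"
    [ "$(mode_of "$_root")" = 755 ] || return 1
    [ "$(mode_of "$_root/dev")" = 700 ] || return 1
    return 0
}

# Nothing runs unless explicitly asked, so the script is safe to source.
case "${1:-}" in
    --early) open_static_dev ;;
    --apply) apply_workaround && check_layout "$STATIC_ROOT" ;;
esac
```

Usage: `sh script.sh --early` from an early boot script, `sh script.sh --apply` from the udev start action; `--apply` exits non-zero if the resulting permissions are not the intended 755/700 pair, which is the condition that keeps df working while leaving the static nodes out of reach.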

-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
yhteensä 0
lrwxrwxrwx  1 root root 19 2005-03-04 23:41 cd-aliases.rules -> ../cd-aliases.rules
lrwxrwxrwx  1 root root 13 2005-03-04 23:41 udev.rules -> ../udev.rules
lrwxrwxrwx  1 root root 12 2005-03-20 09:42 z_hal-plugdev.rules -> ../hal.rules

-- /sys/:
/sys/block/hda/dev
/sys/block/hda/hda1/dev
/sys/block/hda/hda2/dev
/sys/block/hda/hda5/dev
/sys/block/hdc/dev
/sys/block/ram0/dev
/sys/block/ram1/dev
/sys/block/ram10/dev
/sys/block/ram11/dev
/sys/block/ram12/dev
/sys/block/ram13/dev
/sys/block/ram14/dev
/sys/block/ram15/dev
/sys/block/ram2/dev
/sys/block/ram3/dev
/sys/block/ram4/dev
/sys/block/ram5/dev
/sys/block/ram6/dev
/sys/block/ram7/dev
/sys/block/ram8/dev
/sys/block/ram9/dev
/sys/block/sda/dev
/sys/block/sdb/dev
/sys/block/sdb/sdb1/dev
/sys/block/sdc/dev
/sys/block/sdd/dev
/sys/block/sde/dev
/sys/block/sde/sde1/dev
/sys/block/sdf/dev
/sys/block/sdf/sdf1/dev
/sys/class/input/event0/dev
/sys/class/input/event1/dev
/sys/class/input/mice/dev
/sys/class/input/mouse0/dev
/sys/class/input/ts0/dev
/sys/class/misc/agpgart/dev
/sys/class/misc/device-mapper/dev
/sys/class/misc/hpet/dev
/sys/class/misc/psaux/dev
/sys/class/misc/rtc/dev
/sys/class/sound/adsp/dev
/sys/class/sound/audio/dev
/sys/class/sound/audio1/dev
/sys/class/sound/controlC0/dev
/sys/class/sound/controlC1/dev
/sys/class/sound/dsp/dev
/sys/class/sound/dsp1/dev
/sys/class/sound/mixer/dev
/sys/class/sound/mixer1/dev
/sys/class/sound/pcmC0D0c/dev
/sys/class/sound/pcmC0D0p/dev
/sys/class/sound/pcmC0D1c/dev
/sys/class/sound/pcmC0D2c/dev
/sys/class/sound/pcmC0D3c/dev
/sys/class/sound/pcmC0D4p/dev
/sys/class/sound/pcmC1D0c/dev
/sys/class/sound/pcmC1D0p/dev
/sys/class/sound/timer/dev

-- Kernel configuration:
 isapnp_init not present.


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)

Versions of packages udev depends on:
ii  hotplug                  0.0.20040329-19 Linux Hotplug Scripts
ii  initscripts              2.86.ds1-1      Standard scripts needed for bootin
ii  libc6                    2.3.2.ds1-20    GNU C Library: Shared libraries an
ii  makedev                  2.3.1-77        creates device files in /dev
ii  sed                      4.1.4-2         The GNU sed stream editor

-- no debconf information
