On Tue, 2013-04-30 at 22:44 +0200, Kay Sievers wrote:
> On Tue, Apr 30, 2013 at 9:16 PM, Alex Williamson
> <alex.william...@redhat.com> wrote:
> > The /dev/vfio/vfio device file is intended to be an unprivileged
> > interface.
>
> If that is common, and not subject to system policy, the kernel driver
> should request that right away, and better not rely on udev rules to
> adjust that. Like it is done here:
>
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/tty/tty_io.c#n3494
>
> New stuff should go into udev only if it is subject of necessary
> "configurability" or if the kernel has more use cases which should not
> work that way, and therefore the kernel cannot carry out the policy on
> its own.

Oh, I didn't notice I had control here. Thanks, I'll fix it in the kernel!

Alex

> > Only by attaching it to a group (/dev/vfio/$GROUP) does
> > it allow privileged access. The group is therefore used to grant
> > access and /dev/vfio/vfio can be used by anyone. Update the udev
> > rules to provide this.
>
> > +SUBSYSTEM=="vfio", KERNEL=="vfio", MODE="0666"
>
> > +SUBSYSTEM=="vfio", KERNEL=="vfio", TAG+="uaccess"
>
> Hmm, I don't understand, 0666 is open to anybody, all the time. What
> would an additional ACL do here?
>
> Kay
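
Review bot: The TAG+="uaccess" rule is redundant next to MODE="0666" on the same SUBSYSTEM=="vfio", KERNEL=="vfio" match. The mode already grants read/write to every user, so a per-session ACL for the logged-in user cannot widen or narrow access to the node. Drop the uaccess line and keep a single rule. Since the description says /dev/vfio/vfio is meant to be usable by anyone with no site policy involved, it is also worth stating in the commit message why this belongs in udev rules rather than as a default mode set by the driver. Because the description relies on the /dev/vfio/$GROUP nodes being the ones that gate privileged access, please also confirm that the KERNEL=="vfio" match selects only the container node and never a group node, which must not inherit 0666.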