I noticed a phenomenon with logind-managed devices (DRM nodes). I have two users, localuser and testuser; the former has a session on seat0 (this is important). I attached DRM card1 to a new seat `seat1` and set 777 permissions on the device node /dev/dri/card1. Now the ACL looks like

# file: dev/dri/card1
# owner: root
# group: video
user::rwx
group::---
mask::rwx
other::rwx

as expected. Now, if I run `sudo -u testuser cat /dev/dri/card1` from a localuser shell, the device opens as expected. However, doing so as localuser results in permission denied.

But if I add another ACL entry with `setfacl -m u:localuser:rw /dev/dri/card1`, `cat /dev/dri/card1` suddenly works as expected. In this case the ACL is

# file: dev/dri/card1
# owner: root
# group: video
user::rwx
user:localuser:rw-
group::---
mask::rw-
other::rwx

Here, by common sense, the `other` entry makes the `user:localuser` entry pointless, which is not the case.

My hunch is eBPF, but I couldn't find where this logic is defined in the systemd tree. Could anyone here help me with that?


~ serene

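As an added illustration (not part of serene's message, and not systemd code), here is the POSIX ACL access-check algorithm described in acl(5), written in Python and run against the two getfacl listings quoted above. The group memberships are an assumption made for the example, since the post does not list them: localuser is taken to carry the video group as a supplementary group and testuser is not. Under that assumption the algorithm reproduces the results the post reports, because in acl(5) a matching group-class entry that grants nothing ends the check with a denial and the `other` entry is never consulted, while a named-user entry is evaluated before the group class and decides on its own.

```python
"""POSIX ACL access check, the algorithm described in acl(5), applied to getfacl(1) output.
Added example, not from the original post; the group memberships below are assumed."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# The ACL entries quoted in the post, in the form getfacl prints them.
ACL_BEFORE = """\
# owner: root
# group: video
user::rwx
group::---
mask::rwx
other::rwx
"""
ACL_AFTER = """\
# owner: root
# group: video
user::rwx
user:localuser:rw-
group::---
mask::rw-
other::rwx
"""
# Assumed (not stated in the post): localuser is in the video group, testuser is not.
GROUPS_OF: Dict[str, Set[str]] = {"localuser": {"localuser", "video"}, "testuser": {"testuser"}}


@dataclass
class Acl:
    owner: str
    group: str
    user_obj: str = "---"            # user::   the file owner
    group_obj: str = "---"           # group::  the owning group
    other: str = "---"               # other::
    mask: Optional[str] = None       # mask::   present only on extended ACLs
    named_users: Dict[str, str] = field(default_factory=dict)
    named_groups: Dict[str, str] = field(default_factory=dict)


def parse_getfacl(text: str) -> Acl:
    """Parse getfacl output for one file (access ACL only; default: entries not handled)."""
    header, entries = {}, []
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            header[key.strip()] = value.strip()
        else:
            entries.append(line.split("#", 1)[0].strip())   # drop "#effective:..." notes
    acl = Acl(owner=header["owner"], group=header["group"])
    for entry in entries:
        tag, qualifier, perms = entry.split(":")
        if tag in ("user", "group") and qualifier:
            (acl.named_users if tag == "user" else acl.named_groups)[qualifier] = perms
        elif tag in ("user", "group", "mask", "other"):
            setattr(acl, {"user": "user_obj", "group": "group_obj"}.get(tag, tag), perms)
        else:
            raise ValueError(f"unsupported ACL tag: {tag!r}")
    return acl


def _effective(perms: str, mask: Optional[str]) -> str:
    """Apply mask::, a permission bit survives only if the mask also has it."""
    if mask is None:
        return perms
    return "".join(b if b != "-" and b in mask else "-" for b in perms)


def check_access(acl: Acl, user: str, groups: Set[str], want: str) -> Tuple[bool, str]:
    """Return (granted, deciding entry); want is a subset of "rwx", groups = primary + supplementary."""
    need = set(want)
    # 1. The owner is decided by user:: alone; the mask does not apply to it.
    if user == acl.owner:
        return need <= set(acl.user_obj), f"user::{acl.user_obj}"
    # 2. A matching named user entry decides on its own (masked); nothing below is consulted.
    if user in acl.named_users:
        eff = _effective(acl.named_users[user], acl.mask)
        return need <= set(eff), f"user:{user}:{acl.named_users[user]} (effective {eff})"
    # 3. Group class: allow if any matching group entry grants the request (masked).
    #    If group entries match but none grants, the result is DENY; other:: is never reached.
    matching = []
    if acl.group in groups:
        matching.append((f"group::{acl.group_obj}", _effective(acl.group_obj, acl.mask)))
    for g, perms in acl.named_groups.items():
        if g in groups:
            matching.append((f"group:{g}:{perms}", _effective(perms, acl.mask)))
    for label, eff in matching:
        if need <= set(eff):
            return True, label
    if matching:
        return False, " / ".join(label for label, _ in matching)
    # 4. Neither owner, named user nor any group matched: other:: decides.
    return need <= set(acl.other), f"other::{acl.other}"


def evaluate_post_scenario(want: str = "r") -> Dict[Tuple[str, str], Tuple[bool, str]]:
    """Both users against both ACLs; keys are (acl name, user)."""
    results = {}
    for name, text in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        acl = parse_getfacl(text)
        for user, groups in GROUPS_OF.items():
            results[(name, user)] = check_access(acl, user, groups, want)
    return results
```

`evaluate_post_scenario()` returns, for each (ACL, user) pair, whether a read is granted and which entry decided it: with the first ACL, testuser falls through to `other::rwx` while localuser stops at `group::---`; with the second ACL, localuser is decided by its own `user:localuser:rw-` entry before the group class is looked at. Whether the assumption holds on a real system can be checked by comparing the output of `id localuser` with the `# group:` line of `getfacl /dev/dri/card1`.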