[gentoo-dev] Handling /dev/rfkill, testers wanted

[gentoo-dev] Handling /dev/rfkill, testers wanted

[Samuli Suominen]

- sys-apps/systemd has it's own service to handle /dev/rfkill from
99-systemd.rules we don't install with sys-fs/udev:

SUBSYSTEM=="rfkill", TAG+="systemd", IMPORT{builtin}="path_id",
ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"

- so this is about sys-fs/udev (and perhaps, sys-auth/consolekit for ACLs)
- since the udev .rules are not application specific, we should control
it from sys-fs/udev's /lib/udev/rules.d/40-gentoo.rules
- sys-fs/udev leaves it to root:root as:

KERNEL=="rfkill", MODE="0664"

- third party packages like mate-bluetooth, gnome-bluetooth install both
their own udev .rules to adjust /dev/rfkill to plugdev:

KERNEL=="rfkill", GROUP="plugdev",    MODE="0664"

So I'd like to propose some unification:

I don't have a system with /dev/rfkill unfortunately to test this, but I
believe we should add this to 40-gentoo.rules and create group 'rfkill':

SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"

And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as the
original filename in upstream ConsoleKit is 70-udev-acl.rules):

SUBSYSTEM=="rfkill", TAG+="udev-acl"

So that it would then look like:

$ ls -ld /dev/rfkill
crw-rw----+ 1 root rfkill 116, 1 Feb 21 16:27 /dev/rfkill

Notice the "+" there for ACLs if user is active (logged in using
ConsoleKit):

$ getfacl -a /dev/rfkill
# file: dev/rfkill
# owner: root
# group: rfkill
user::rw-
user:ssuominen:rw-
group::rw-
mask::rw-
other::---

I didn't actually run that just on /dev/rfkill, but I took an example
from /dev/snd/seq, and edited those at this mail.

I'd like someone with /dev/rfkill to test I'm right, if possible, and
verify no other cruft is interfering with it (like those of installed by
those apps I mentioned, `grep rfkill /lib/udev/rules.d/*`)

Any thoughts?

Re: [gentoo-dev] Handling /dev/rfkill, testers wanted

[Ian Stakenvicius]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/03/14 02:17 PM, Samuli Suominen wrote:
> - sys-fs/udev leaves it to root:root as:
> 
> KERNEL=="rfkill", MODE="0664"
> 
> - third party packages like mate-bluetooth, gnome-bluetooth install
> both their own udev .rules to adjust /dev/rfkill to plugdev:
> 
> KERNEL=="rfkill", GROUP="plugdev",    MODE="0664"
> 
> So I'd like to propose some unification:
> 
> I don't have a system with /dev/rfkill unfortunately to test this,
> but I believe we should add this to 40-gentoo.rules and create
> group 'rfkill':
> 
> SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"
> 
> And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as
> the original filename in upstream ConsoleKit is
> 70-udev-acl.rules):
> 
> SUBSYSTEM=="rfkill", TAG+="udev-acl"
> 



As the other per-package rules already setting GROUP=  are providing
an understandable legacy behaviour (iirc membership in plugdev is
still the de-facto way to provide access rights when no consolekit or
similar control method is installed), I wonder if we can skip the
group assignment.

- From what I know about ACL's, the 70-gentoo-acl.rules would still work
fine even if the group remains ":root".

Thoughts?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iF4EAREIAAYFAlMaIIYACgkQ2ugaI38ACPBrRwEAgRRt12g3BQcVqfSYg1IavgQA
lNdW7iPqpnq84+rH4tsBAK3JAlgARTngWgDD95zXFdCMmHcLuksfwcMyNduRsY6w
=tMVr
-----END PGP SIGNATURE-----

Re: [gentoo-dev] Handling /dev/rfkill, testers wanted

[Samuli Suominen]

On 07/03/14 21:39, Ian Stakenvicius wrote:
> On 07/03/14 02:17 PM, Samuli Suominen wrote:
> > - sys-fs/udev leaves it to root:root as:
>
> > KERNEL=="rfkill", MODE="0664"
>
> > - third party packages like mate-bluetooth, gnome-bluetooth install
> > both their own udev .rules to adjust /dev/rfkill to plugdev:
>
> > KERNEL=="rfkill", GROUP="plugdev",    MODE="0664"
>
> > So I'd like to propose some unification:
>
> > I don't have a system with /dev/rfkill unfortunately to test this,
> > but I believe we should add this to 40-gentoo.rules and create
> > group 'rfkill':
>
> > SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"
>
> > And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as
> > the original filename in upstream ConsoleKit is
> > 70-udev-acl.rules):
>
> > SUBSYSTEM=="rfkill", TAG+="udev-acl"
>
>
>
>
> As the other per-package rules already setting GROUP=  are providing
> an understandable legacy behaviour (iirc membership in plugdev is
> still the de-facto way to provide access rights when no consolekit or
> similar control method is installed), I wonder if we can skip the
> group assignment.
>
> - From what I know about ACL's, the 70-gentoo-acl.rules would still work
> fine even if the group remains ":root".
>
> Thoughts?
>

I'm okay with leaving it as 'root' for now, since I haven't yet
implemented my splitted "plugdev"
idea:

I've been waiting for the day PolicyKit upstream does something stupid
like makes it work only with
systemd-logind, so that ConsoleKit is no-op other than udev-acl still
working
If and when that happens, I doubt many would want ConsoleKit installed
at all
I've thought about this a lot, and the best contigency plan I've come up
with is to ship vendor based
PolicyKit .rules files for _split_ plugdev behavior, groups like
ArchLinux has:

'power' for upower and related
'network' for networkmanager and related, and this is likely where
'rfkill' would belong then too
'storage' for udisks and related

Re: [gentoo-dev] Handling /dev/rfkill, testers wanted

[Samuli Suominen]

[ ... ]

So, make sure only 50-udev-default.rules has it's rfkill line and create
file 70-gentoo-acl.rules with content of:

SUBSYSTEM=="rfkill", TAG+="udev-acl"

This would make it work with ACLs "+" if user is viewed as 'active = TRUE' in `ck-list-sessions`

Can someone confirm?

Re: [gentoo-dev] Handling /dev/rfkill, testers wanted

[Samuli Suominen]

On 07/03/14 21:57, Samuli Suominen wrote:
> [ ... ]
>
> So, make sure only 50-udev-default.rules has it's rfkill line and create
> file 70-gentoo-acl.rules with content of:
>
> SUBSYSTEM=="rfkill", TAG+="udev-acl"
>
> This would make it work with ACLs "+" if user is viewed as 'active = TRUE' in `ck-list-sessions`
>
> Can someone confirm?
>
>

I don't get why 99-systemd.rules uses SUBSYSTEM=="rfkill" but someone
just posted me this:

$ udevadm info -a --name /dev/rfkill

  looking at device '/devices/virtual/misc/rfkill':
    KERNEL=="rfkill"
    SUBSYSTEM=="misc"
    DRIVER==""

So it would have to be KERNEL=="rfkill" instead of SUBSYSTEM=="rfkill"?
Would be so much easier if I had a device that created /dev/rfkill, I
wonder if that can be simulated somehow sane.

Re: [gentoo-dev] Handling /dev/rfkill, testers wanted

[Alexander Tsoy]

В Fri, 07 Mar 2014 22:15:40 +0200
Samuli Suominen <ssuominen@gentoo.org> пишет:

> 
> On 07/03/14 21:57, Samuli Suominen wrote:
> > [ ... ]
> >
> > So, make sure only 50-udev-default.rules has it's rfkill line and
> > create file 70-gentoo-acl.rules with content of:
> >
> > SUBSYSTEM=="rfkill", TAG+="udev-acl"
> >
> > This would make it work with ACLs "+" if user is viewed as 'active
> > = TRUE' in `ck-list-sessions`
> >
> > Can someone confirm?
> >
> >
> 
> I don't get why 99-systemd.rules uses SUBSYSTEM=="rfkill" but someone
> just posted me this:
> 
> $ udevadm info -a --name /dev/rfkill
> 
>   looking at device '/devices/virtual/misc/rfkill':
>     KERNEL=="rfkill"
>     SUBSYSTEM=="misc"
>     DRIVER==""
> 
> So it would have to be KERNEL=="rfkill" instead of
> SUBSYSTEM=="rfkill"? Would be so much easier if I had a device that
> created /dev/rfkill, I wonder if that can be simulated somehow sane.
> 

$ sudo udevadm info -q all --path /sys/class/rfkill/rfkill0 
P: /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb8/8-2/8-2.2/8-2.2:1.0/bluetooth/hci0/rfkill0
E:
DEVPATH=/devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb8/8-2/8-2.2/8-2.2:1.0/bluetooth/hci0/rfkill0
E: ID_PATH=pci-0000:02:00.0-usb-0:2.2:1.0 E:
ID_PATH_TAG=pci-0000_02_00_0-usb-0_2_2_1_0 E: RFKILL_NAME=hci0
E: RFKILL_STATE=1
E: RFKILL_TYPE=bluetooth
E: SUBSYSTEM=rfkill
E: SYSTEMD_WANTS=systemd-rfkill@rfkill0.service
E: TAGS=:systemd:
E: USEC_INITIALIZED=59720

-- 
Alexander Tsoy

Re: [gentoo-dev] Handling /dev/rfkill, testers wanted

[Alexander Tsoy]

В Fri, 07 Mar 2014 21:17:20 +0200
Samuli Suominen <ssuominen@gentoo.org> пишет:

> - sys-apps/systemd has it's own service to handle /dev/rfkill from
> 99-systemd.rules we don't install with sys-fs/udev:
> 
> SUBSYSTEM=="rfkill", TAG+="systemd", IMPORT{builtin}="path_id",
> ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"
> 

The above rule from systemd just run a special unit which
saves/restores rfkill state across reboots. It has nothing to do
with permissions of device nodes and/or ACLs.

> - so this is about sys-fs/udev (and perhaps, sys-auth/consolekit for
> ACLs)
> - since the udev .rules are not application specific, we should
> control it from sys-fs/udev's /lib/udev/rules.d/40-gentoo.rules
> - sys-fs/udev leaves it to root:root as:
> 
> KERNEL=="rfkill", MODE="0664"
> 
> - third party packages like mate-bluetooth, gnome-bluetooth install
> both their own udev .rules to adjust /dev/rfkill to plugdev:
> 
> KERNEL=="rfkill", GROUP="plugdev",    MODE="0664"
> 
> So I'd like to propose some unification:
> 
> I don't have a system with /dev/rfkill unfortunately to test this,
> but I believe we should add this to 40-gentoo.rules and create group
> 'rfkill':
> 
> SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"
> 
> And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as
> the original filename in upstream ConsoleKit is 70-udev-acl.rules):
> 
> SUBSYSTEM=="rfkill", TAG+="udev-acl"
> 
> So that it would then look like:
> 
> $ ls -ld /dev/rfkill
> crw-rw----+ 1 root rfkill 116, 1 Feb 21 16:27 /dev/rfkill
> 
> Notice the "+" there for ACLs if user is active (logged in using
> ConsoleKit):
> 
> $ getfacl -a /dev/rfkill
> # file: dev/rfkill
> # owner: root
> # group: rfkill
> user::rw-
> user:ssuominen:rw-
> group::rw-
> mask::rw-
> other::---
> 
> I didn't actually run that just on /dev/rfkill, but I took an example
> from /dev/snd/seq, and edited those at this mail.
> 
> I'd like someone with /dev/rfkill to test I'm right, if possible, and
> verify no other cruft is interfering with it (like those of installed
> by those apps I mentioned, `grep rfkill /lib/udev/rules.d/*`)
> 
> Any thoughts?
> 


-- 
Alexander Tsoy

[gentoo-dev] Re: Handling /dev/rfkill, testers wanted

[Steven J. Long]

On Fri, Mar 07, 2014 at 09:17:20PM +0200, Samuli Suominen wrote:
> - sys-apps/systemd has it's own service to handle /dev/rfkill from
> 99-systemd.rules we don't install with sys-fs/udev:
> 
> SUBSYSTEM=="rfkill", TAG+="systemd", IMPORT{builtin}="path_id",
> ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"
> 
> - so this is about sys-fs/udev (and perhaps, sys-auth/consolekit for ACLs)
> - since the udev .rules are not application specific, we should control
> it from sys-fs/udev's /lib/udev/rules.d/40-gentoo.rules
> - sys-fs/udev leaves it to root:root as:
> 
> KERNEL=="rfkill", MODE="0664"
> 
> - third party packages like mate-bluetooth, gnome-bluetooth install both
> their own udev .rules to adjust /dev/rfkill to plugdev:
> 
> KERNEL=="rfkill", GROUP="plugdev",    MODE="0664"
> 
> So I'd like to propose some unification:
> 
> I don't have a system with /dev/rfkill unfortunately to test this, but I
> believe we should add this to 40-gentoo.rules and create group 'rfkill':
> 
> SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"

This doesn't make much sense: the group should be plugdev.

It's only understandable when we read your last mail, about a
not-yet-implemented split plugdev idea. In the interim, please
keep it to plugdev, as other packages and the admin expect.
 
> And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as the
> original filename in upstream ConsoleKit is 70-udev-acl.rules):
> 
> SUBSYSTEM=="rfkill", TAG+="udev-acl"
> 
> Any thoughts?

Seems KERNEL might be right.

-- 
#friendly-coders -- We're friendly, but we're not /that/ friendly ;-)

Re: [gentoo-dev] Handling /dev/rfkill, testers wanted

[Samuli Suominen]

On 08/03/14 00:50, Alexander Tsoy wrote:
> В Fri, 07 Mar 2014 21:17:20 +0200
> Samuli Suominen <ssuominen@gentoo.org> пишет:
>
>> - sys-apps/systemd has it's own service to handle /dev/rfkill from
>> 99-systemd.rules we don't install with sys-fs/udev:
>>
>> SUBSYSTEM=="rfkill", TAG+="systemd", IMPORT{builtin}="path_id",
>> ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"
>>
> The above rule from systemd just run a special unit which
> saves/restores rfkill state across reboots. It has nothing to do
> with permissions of device nodes and/or ACLs.

OK. Didn't know that. Still, 40-gentoo.rules is per implementation specific,
so I'll leave sys-apps/systemd handle their own. They might, or might not
take action based on the results of this thread.

Mainly it was to demonstrate the SUBSYSTEM=="rfkill" use that's a change
to the
KERNEL=="rfkill", SUBSYSTEM=="misc" I've seen in the past.