* Re: [gentoo-dev] Handling /dev/rfkill, testers wanted
2014-03-07 19:17 [gentoo-dev] Handling /dev/rfkill, testers wanted Samuli Suominen
@ 2014-03-07 19:39 ` Ian Stakenvicius
2014-03-07 19:55 ` Samuli Suominen
2014-03-07 19:57 ` Samuli Suominen
` (2 subsequent siblings)
3 siblings, 1 reply; 9+ messages in thread
From: Ian Stakenvicius @ 2014-03-07 19:39 UTC (permalink / raw
To: gentoo-dev
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 07/03/14 02:17 PM, Samuli Suominen wrote:
> - sys-fs/udev leaves it to root:root as:
>
> KERNEL=="rfkill", MODE="0664"
>
> - third party packages like mate-bluetooth, gnome-bluetooth install
> both their own udev .rules to adjust /dev/rfkill to plugdev:
>
> KERNEL=="rfkill", GROUP="plugdev", MODE="0664"
>
> So I'd like to propose some unification:
>
> I don't have a system with /dev/rfkill unfortunately to test this,
> but I believe we should add this to 40-gentoo.rules and create
> group 'rfkill':
>
> SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"
>
> And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as
> the original filename in upstream ConsoleKit is
> 70-udev-acl.rules):
>
> SUBSYSTEM=="rfkill", TAG+="udev-acl"
>
As the other per-package rules already setting GROUP= are providing
an understandable legacy behaviour (iirc membership in plugdev is
still the de-facto way to provide access rights when no consolekit or
similar control method is installed), I wonder if we can skip the
group assignment.
- From what I know about ACL's, the 70-gentoo-acl.rules would still work
fine even if the group remains ":root".
Thoughts?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iF4EAREIAAYFAlMaIIYACgkQ2ugaI38ACPBrRwEAgRRt12g3BQcVqfSYg1IavgQA
lNdW7iPqpnq84+rH4tsBAK3JAlgARTngWgDD95zXFdCMmHcLuksfwcMyNduRsY6w
=tMVr
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [gentoo-dev] Handling /dev/rfkill, testers wanted
2014-03-07 19:39 ` Ian Stakenvicius
@ 2014-03-07 19:55 ` Samuli Suominen
0 siblings, 0 replies; 9+ messages in thread
From: Samuli Suominen @ 2014-03-07 19:55 UTC (permalink / raw
To: gentoo-dev
On 07/03/14 21:39, Ian Stakenvicius wrote:
> On 07/03/14 02:17 PM, Samuli Suominen wrote:
> > - sys-fs/udev leaves it to root:root as:
>
> > KERNEL=="rfkill", MODE="0664"
>
> > - third party packages like mate-bluetooth, gnome-bluetooth install
> > both their own udev .rules to adjust /dev/rfkill to plugdev:
>
> > KERNEL=="rfkill", GROUP="plugdev", MODE="0664"
>
> > So I'd like to propose some unification:
>
> > I don't have a system with /dev/rfkill unfortunately to test this,
> > but I believe we should add this to 40-gentoo.rules and create
> > group 'rfkill':
>
> > SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"
>
> > And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as
> > the original filename in upstream ConsoleKit is
> > 70-udev-acl.rules):
>
> > SUBSYSTEM=="rfkill", TAG+="udev-acl"
>
>
>
>
> As the other per-package rules already setting GROUP= are providing
> an understandable legacy behaviour (iirc membership in plugdev is
> still the de-facto way to provide access rights when no consolekit or
> similar control method is installed), I wonder if we can skip the
> group assignment.
>
> - From what I know about ACL's, the 70-gentoo-acl.rules would still work
> fine even if the group remains ":root".
>
> Thoughts?
>
I'm okay with leaving it as 'root' for now, since I haven't yet
implemented my splitted "plugdev"
idea:
I've been waiting for the day PolicyKit upstream does something stupid
like makes it work only with
systemd-logind, so that ConsoleKit is no-op other than udev-acl still
working
If and when that happens, I doubt many would want ConsoleKit installed
at all
I've thought about this a lot, and the best contigency plan I've come up
with is to ship vendor based
PolicyKit .rules files for _split_ plugdev behavior, groups like
ArchLinux has:
'power' for upower and related
'network' for networkmanager and related, and this is likely where
'rfkill' would belong then too
'storage' for udisks and related
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [gentoo-dev] Handling /dev/rfkill, testers wanted
2014-03-07 19:17 [gentoo-dev] Handling /dev/rfkill, testers wanted Samuli Suominen
2014-03-07 19:39 ` Ian Stakenvicius
@ 2014-03-07 19:57 ` Samuli Suominen
2014-03-07 20:15 ` Samuli Suominen
2014-03-07 22:50 ` Alexander Tsoy
2014-03-08 0:27 ` [gentoo-dev] " Steven J. Long
3 siblings, 1 reply; 9+ messages in thread
From: Samuli Suominen @ 2014-03-07 19:57 UTC (permalink / raw
To: gentoo-dev
[ ... ]
So, make sure only 50-udev-default.rules has it's rfkill line and create
file 70-gentoo-acl.rules with content of:
SUBSYSTEM=="rfkill", TAG+="udev-acl"
This would make it work with ACLs "+" if user is viewed as 'active = TRUE' in `ck-list-sessions`
Can someone confirm?
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [gentoo-dev] Handling /dev/rfkill, testers wanted
2014-03-07 19:57 ` Samuli Suominen
@ 2014-03-07 20:15 ` Samuli Suominen
2014-03-07 22:37 ` Alexander Tsoy
0 siblings, 1 reply; 9+ messages in thread
From: Samuli Suominen @ 2014-03-07 20:15 UTC (permalink / raw
To: gentoo-dev
On 07/03/14 21:57, Samuli Suominen wrote:
> [ ... ]
>
> So, make sure only 50-udev-default.rules has it's rfkill line and create
> file 70-gentoo-acl.rules with content of:
>
> SUBSYSTEM=="rfkill", TAG+="udev-acl"
>
> This would make it work with ACLs "+" if user is viewed as 'active = TRUE' in `ck-list-sessions`
>
> Can someone confirm?
>
>
I don't get why 99-systemd.rules uses SUBSYSTEM=="rfkill" but someone
just posted me this:
$ udevadm info -a --name /dev/rfkill
looking at device '/devices/virtual/misc/rfkill':
KERNEL=="rfkill"
SUBSYSTEM=="misc"
DRIVER==""
So it would have to be KERNEL=="rfkill" instead of SUBSYSTEM=="rfkill"?
Would be so much easier if I had a device that created /dev/rfkill, I
wonder if that can be simulated somehow sane.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [gentoo-dev] Handling /dev/rfkill, testers wanted
2014-03-07 20:15 ` Samuli Suominen
@ 2014-03-07 22:37 ` Alexander Tsoy
0 siblings, 0 replies; 9+ messages in thread
From: Alexander Tsoy @ 2014-03-07 22:37 UTC (permalink / raw
To: gentoo-dev
В Fri, 07 Mar 2014 22:15:40 +0200
Samuli Suominen <ssuominen@gentoo.org> пишет:
>
> On 07/03/14 21:57, Samuli Suominen wrote:
> > [ ... ]
> >
> > So, make sure only 50-udev-default.rules has it's rfkill line and
> > create file 70-gentoo-acl.rules with content of:
> >
> > SUBSYSTEM=="rfkill", TAG+="udev-acl"
> >
> > This would make it work with ACLs "+" if user is viewed as 'active
> > = TRUE' in `ck-list-sessions`
> >
> > Can someone confirm?
> >
> >
>
> I don't get why 99-systemd.rules uses SUBSYSTEM=="rfkill" but someone
> just posted me this:
>
> $ udevadm info -a --name /dev/rfkill
>
> looking at device '/devices/virtual/misc/rfkill':
> KERNEL=="rfkill"
> SUBSYSTEM=="misc"
> DRIVER==""
>
> So it would have to be KERNEL=="rfkill" instead of
> SUBSYSTEM=="rfkill"? Would be so much easier if I had a device that
> created /dev/rfkill, I wonder if that can be simulated somehow sane.
>
$ sudo udevadm info -q all --path /sys/class/rfkill/rfkill0
P: /devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb8/8-2/8-2.2/8-2.2:1.0/bluetooth/hci0/rfkill0
E:
DEVPATH=/devices/pci0000:00/0000:00:04.0/0000:02:00.0/usb8/8-2/8-2.2/8-2.2:1.0/bluetooth/hci0/rfkill0
E: ID_PATH=pci-0000:02:00.0-usb-0:2.2:1.0 E:
ID_PATH_TAG=pci-0000_02_00_0-usb-0_2_2_1_0 E: RFKILL_NAME=hci0
E: RFKILL_STATE=1
E: RFKILL_TYPE=bluetooth
E: SUBSYSTEM=rfkill
E: SYSTEMD_WANTS=systemd-rfkill@rfkill0.service
E: TAGS=:systemd:
E: USEC_INITIALIZED=59720
--
Alexander Tsoy
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [gentoo-dev] Handling /dev/rfkill, testers wanted
2014-03-07 19:17 [gentoo-dev] Handling /dev/rfkill, testers wanted Samuli Suominen
2014-03-07 19:39 ` Ian Stakenvicius
2014-03-07 19:57 ` Samuli Suominen
@ 2014-03-07 22:50 ` Alexander Tsoy
2014-03-08 5:43 ` Samuli Suominen
2014-03-08 0:27 ` [gentoo-dev] " Steven J. Long
3 siblings, 1 reply; 9+ messages in thread
From: Alexander Tsoy @ 2014-03-07 22:50 UTC (permalink / raw
To: gentoo-dev
В Fri, 07 Mar 2014 21:17:20 +0200
Samuli Suominen <ssuominen@gentoo.org> пишет:
> - sys-apps/systemd has it's own service to handle /dev/rfkill from
> 99-systemd.rules we don't install with sys-fs/udev:
>
> SUBSYSTEM=="rfkill", TAG+="systemd", IMPORT{builtin}="path_id",
> ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"
>
The above rule from systemd just run a special unit which
saves/restores rfkill state across reboots. It has nothing to do
with permissions of device nodes and/or ACLs.
> - so this is about sys-fs/udev (and perhaps, sys-auth/consolekit for
> ACLs)
> - since the udev .rules are not application specific, we should
> control it from sys-fs/udev's /lib/udev/rules.d/40-gentoo.rules
> - sys-fs/udev leaves it to root:root as:
>
> KERNEL=="rfkill", MODE="0664"
>
> - third party packages like mate-bluetooth, gnome-bluetooth install
> both their own udev .rules to adjust /dev/rfkill to plugdev:
>
> KERNEL=="rfkill", GROUP="plugdev", MODE="0664"
>
> So I'd like to propose some unification:
>
> I don't have a system with /dev/rfkill unfortunately to test this,
> but I believe we should add this to 40-gentoo.rules and create group
> 'rfkill':
>
> SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"
>
> And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as
> the original filename in upstream ConsoleKit is 70-udev-acl.rules):
>
> SUBSYSTEM=="rfkill", TAG+="udev-acl"
>
> So that it would then look like:
>
> $ ls -ld /dev/rfkill
> crw-rw----+ 1 root rfkill 116, 1 Feb 21 16:27 /dev/rfkill
>
> Notice the "+" there for ACLs if user is active (logged in using
> ConsoleKit):
>
> $ getfacl -a /dev/rfkill
> # file: dev/rfkill
> # owner: root
> # group: rfkill
> user::rw-
> user:ssuominen:rw-
> group::rw-
> mask::rw-
> other::---
>
> I didn't actually run that just on /dev/rfkill, but I took an example
> from /dev/snd/seq, and edited those at this mail.
>
> I'd like someone with /dev/rfkill to test I'm right, if possible, and
> verify no other cruft is interfering with it (like those of installed
> by those apps I mentioned, `grep rfkill /lib/udev/rules.d/*`)
>
> Any thoughts?
>
--
Alexander Tsoy
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [gentoo-dev] Handling /dev/rfkill, testers wanted
2014-03-07 22:50 ` Alexander Tsoy
@ 2014-03-08 5:43 ` Samuli Suominen
0 siblings, 0 replies; 9+ messages in thread
From: Samuli Suominen @ 2014-03-08 5:43 UTC (permalink / raw
To: gentoo-dev
On 08/03/14 00:50, Alexander Tsoy wrote:
> В Fri, 07 Mar 2014 21:17:20 +0200
> Samuli Suominen <ssuominen@gentoo.org> пишет:
>
>> - sys-apps/systemd has it's own service to handle /dev/rfkill from
>> 99-systemd.rules we don't install with sys-fs/udev:
>>
>> SUBSYSTEM=="rfkill", TAG+="systemd", IMPORT{builtin}="path_id",
>> ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"
>>
> The above rule from systemd just run a special unit which
> saves/restores rfkill state across reboots. It has nothing to do
> with permissions of device nodes and/or ACLs.
OK. Didn't know that. Still, 40-gentoo.rules is per implementation specific,
so I'll leave sys-apps/systemd handle their own. They might, or might not
take action based on the results of this thread.
Mainly it was to demonstrate the SUBSYSTEM=="rfkill" use that's a change
to the
KERNEL=="rfkill", SUBSYSTEM=="misc" I've seen in the past.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [gentoo-dev] Re: Handling /dev/rfkill, testers wanted
2014-03-07 19:17 [gentoo-dev] Handling /dev/rfkill, testers wanted Samuli Suominen
` (2 preceding siblings ...)
2014-03-07 22:50 ` Alexander Tsoy
@ 2014-03-08 0:27 ` Steven J. Long
3 siblings, 0 replies; 9+ messages in thread
From: Steven J. Long @ 2014-03-08 0:27 UTC (permalink / raw
To: gentoo-dev
On Fri, Mar 07, 2014 at 09:17:20PM +0200, Samuli Suominen wrote:
> - sys-apps/systemd has it's own service to handle /dev/rfkill from
> 99-systemd.rules we don't install with sys-fs/udev:
>
> SUBSYSTEM=="rfkill", TAG+="systemd", IMPORT{builtin}="path_id",
> ENV{SYSTEMD_WANTS}+="systemd-rfkill@$name.service"
>
> - so this is about sys-fs/udev (and perhaps, sys-auth/consolekit for ACLs)
> - since the udev .rules are not application specific, we should control
> it from sys-fs/udev's /lib/udev/rules.d/40-gentoo.rules
> - sys-fs/udev leaves it to root:root as:
>
> KERNEL=="rfkill", MODE="0664"
>
> - third party packages like mate-bluetooth, gnome-bluetooth install both
> their own udev .rules to adjust /dev/rfkill to plugdev:
>
> KERNEL=="rfkill", GROUP="plugdev", MODE="0664"
>
> So I'd like to propose some unification:
>
> I don't have a system with /dev/rfkill unfortunately to test this, but I
> believe we should add this to 40-gentoo.rules and create group 'rfkill':
>
> SUBSYSTEM=="rfkill", GROUP="rfkill", MODE="0664"
This doesn't make much sense: the group should be plugdev.
It's only understandable when we read your last mail, about a
not-yet-implemented split plugdev idea. In the interim, please
keep it to plugdev, as other packages and the admin expect.
> And this line would go as /lib/udev/rules.d/70-gentoo-acl.rules (as the
> original filename in upstream ConsoleKit is 70-udev-acl.rules):
>
> SUBSYSTEM=="rfkill", TAG+="udev-acl"
>
> Any thoughts?
Seems KERNEL might be right.
--
#friendly-coders -- We're friendly, but we're not /that/ friendly ;-)
^ permalink raw reply [flat|nested] 9+ messages in thread