David Moore wrote:
On Wed, 2008-08-20 at 22:57 +0200, Stefan Richter wrote:
David Moore wrote:
On Wed, 2008-08-20 at 21:39 +0200, Stefan Richter wrote:
SUBSYSTEM=="firewire", ATTR{specifier_id}=="0x00a02d", ATTR{version}=="0x010001",\
PROGRAM="/bin/chgrp video /dev/%P"
I tried playing with rules like this about a year ago, but it didn't
work because the spec_id was only available in the child nodes of the
firewire device, so udev couldn't match on it (see more below). Has
that changed so these work now?
This hasn't changed; hence I use chgrp on %P which is the parent.
I.e. these rules trigger on fwX.Y events but modify the (then already
existing) /dev/fwX file.
Okay, I see. The reason that didn't work on Fedora 7 was that a SYMLINK
rule can't use this %P trick since the target of the symlink can't be
overriden (at least to my knowledge). And Fedora didn't like putting
chgrp commands directly in the udev rule since there was some PAM
console.perms magic elsewhere that dealt with the chgrping all in one
place based on filename.
Of course, for Fedora at least, all that is moot now since the PAM magic
is replaced with PolicyKit magic. I'm not sure if other distributions
still use console.perms.
The simplest alternative would of course just be
SUBSYSTEM=="firewire", GROUP="video"
or
KERNEL=="fw[0-9]*", GROUP="video"
or an equivalent PAM or CamelCaseKit based approach. This would leave
an opportunity unused to improve device security relative to raw1394,
but that's not a big deal.
Another alternative is that we add a sysfs attribute to the parent
device, e.g. one which contains a list of the specifier:version tuples
of all unit directories of a node --- if that would make life easier for
integrators.
--
Stefan Richter
-=====-==--- =--- =-=-=
http://arcgraph.de/sr/
--
To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
