Have now resync'd with the changes confirmed in the last thread, which
leaves just a handful of other bits (some of which mentioned before,
some of which I found in the later audit).
(Any differences I don't mention here, I'm happy to drop in favour of
upstream without further discussion.)
rules/rules.d/50-udev-default.rules:
- KERNEL=="raw1394*", GROUP="video"
This will still be difficult for me to upload with ;)
- SUBSYSTEM=="block", KERNEL=="sr[0-9]*", SYMLINK+="scd%n"
+ SUBSYSTEM=="block", KERNEL=="sr[0-9]*", NAME="scd%n", SYMLINK+="%k"
I still think we have this round the right way! :-)
- KERNEL=="pty[pqrstuvwxyzabcdef][0123456789abcdef]", GROUP="tty", \
- MODE="0660", OPTIONS+="last_rule"
- KERNEL=="tty[pqrstuvwxyzabcdef][0123456789abcdef]", GROUP="tty", \
- MODE="0660", OPTIONS+="last_rule"
- KERNEL=="ptmx", GROUP="tty", MODE="0666", \
- OPTIONS+="last_rule"
- KERNEL=="tty", GROUP="tty", MODE="0666", \
- OPTIONS+="last_rule"
- KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620", \
- OPTIONS+="last_rule"
- KERNEL=="vcs|vcs[0-9]*|vcsa|vcsa[0-9]*", GROUP="tty", \
- OPTIONS+="last_rule"
- KERNEL=="console", MODE="0600", OPTIONS+="last_rule"
+ KERNEL=="pty[pqrstuvwxyzabcdef][0123456789abcdef]", GROUP="tty", \
+ MODE="0660",
+ KERNEL=="tty[pqrstuvwxyzabcdef][0123456789abcdef]", GROUP="tty", \
+ MODE="0660",
+ KERNEL=="ptmx", GROUP="tty", MODE="0666"
+ KERNEL=="tty", GROUP="tty", MODE="0666"
+ KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620",
+ KERNEL=="vcs|vcs[0-9]*|vcsa|vcsa[0-9]*", GROUP="tty",
+ KERNEL=="console", MODE="0600"
last_rule on these prevents us from setting the console font or keymap
from udev rules, and prevents us from activating console-related
things (getty, brltty, etc.) from Upstart
you said it was only there because of the legacy ptys, which we've
both disabled now?
- KERNEL=="tun", NAME="net/%k", MODE="0666", OPTIONS+="ignore_remove"
+ KERNEL=="tun", NAME="net/%k"
The mode seems rather permissive? Do you really allow any user to
make tunnels by default? (Ours is 0600!)
Isn't the ignore_remove already handled by the /lib/udev/devices
check? Our /dev/net/tun is in there.
- KERNEL=="ppp", MODE="0600", OPTIONS+="ignore_remove"
+ KERNEL=="ppp", MODE="0600"
ignore_remove already handled by /lib/udev/devices check?
- KERNEL=="mem|kmem|port|nvram", GROUP="kmem", MODE="0640"
+ KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
+ KERNEL=="nvram", GROUP="nvram", MODE="0640"
We have the nvram group, no idea why, we just do ;)
- SUBSYSTEM=="block", GROUP="disk"
+ SUBSYSTEM=="block", ATTRS{removable}!="1", GROUP="disk"
+ SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"
We put removable block devices in the floppy group, you leave them in
disk? (But use the floppy group for real floppies?)
- KERNEL=="sg[0-9]*", ATTRS{type}!="3|6", GROUP="disk", MODE="0640"
+ SUBSYSTEMS=="scsi", ATTRS{type}=="0", GROUP="disk", MODE="0640"
+ SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", GROUP="cdrom", MODE="0640"
- KERNEL=="pktcdvd[0-9]*", NAME="pktcdvd/%k"
+ KERNEL=="pktcdvd[0-9]*", NAME="pktcdvd/%k", GROUP="cdrom"
# eep, needs cdrom_id run earlier (we ran it at 30-* before)
+ ENV{ID_CDROM}=="?*", GROUP="cdrom"
We put CD-ROM drives and similar into the cdrom group, not disk.
+ SUBSYSTEMS=="scsi", ATTRS{type}=="1|8", GROUP="tape"
- KERNEL=="ht[0-9]*|nht[0-9]*", GROUP="disk"
+ KERNEL=="ht[0-9]*|nht[0-9]*", GROUP="tape"
- KERNEL=="pt[0-9]*|npt[0-9]*", GROUP="disk"
+ KERNEL=="pt[0-9]*|npt[0-9]*", GROUP="tape"
- KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|
nrawqft[0-9]*", GROUP="disk"
+ KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|
nrawqft[0-9]*", GROUP="tape"
We put tape drives and similar into the tape group, not disk.
rules/rules.d/80-drivers.rules:
- SUBSYSTEM=="module", KERNEL=="parport_pc", \
- RUN+="/sbin/modprobe -b ppdev"
We don't have this one? What's this for? Is a module missing a
dependency?
rules/packages/40-alsa.rules:
KERNEL=="mixer0", SYMLINK+="mixer"
KERNEL=="dsp0", SYMLINK+="dsp"
KERNEL=="audio0", SYMLINK+="audio"
Which kernel module/ALSA version creates these? Here I can only
see /dev/mixer, /dev/dsp and /dev/audio as devices in their own
right. Does a later ALSA version enumerate them, or were these added
just in case?
+ SUBSYSTEM=="sound", GROUP="audio"
And we have an "audio" group for them.
rules/packages/40-isdn.rules:
- SUBSYSTEM=="capi", KERNEL=="capi", NAME="capi20", \
- SYMLINK+="isdn/capi20", GROUP="uucp"
+ SUBSYSTEM=="capi", KERNEL=="capi", NAME="capi20", \
+ GROUP="uucp"
What uses the /dev/isdn/capi20 symlink? We've never had that, and
I've never had any bug reports.
We have a "dialout" group, which we seem to use everywhere you use
"uucp". I think that we inherited this from Debian: Marco, do these
differences match your rules?
It may make sense for these to be a Debian/Ubuntu diff, or a configure
argument?
rules/rules.d/50-udev-default.rules:
- KERNEL=="tty[A-Z]*|pppox*|ircomm*|noz*", GROUP="uucp"
+ KERNEL=="tty[A-Z]*|pppox*|ircomm*|noz*", GROUP="dialout"
- KERNEL=="mwave", NAME="modems/mwave", GROUP="uucp"
+ KERNEL=="mwave", NAME="modems/mwave", GROUP="dialout"
- KERNEL=="hvc*|hvsi*", GROUP="uucp"
+ KERNEL=="hvc*|hvsi*", GROUP="dialout"
+ SUBSYSTEM=="slamr", GROUP="dialout"
+ SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
+ ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", \
+ MODE="0660", GROUP="dialout"
rules/packages/40-isdn.rules:
- SUBSYSTEM=="capi", KERNEL=="capi", NAME="capi20", \
- SYMLINK+="isdn/capi20", GROUP="uucp"
+ SUBSYSTEM=="capi", KERNEL=="capi", NAME="capi20", \
+ SYMLINK+="isdn/capi20", GROUP="dialout"
rules/packages/40-zaptel.rules:
+ SUBSYSTEM=="zaptel", GROUP="dialout"
(or just the GROUP= tagged onto the other rules for consistency)
Scott
--
Scott James Remnant
scott@xxxxxxxxxx
Attachment:
signature.asc
Description: This is a digitally signed message part
