On 31.08.2023 19:22, Christian Pernegger wrote:
Hello, still trying to get the kinks out of my multiseat setup ... AFAICT the proper way to give local users access to devices nowadays is via udev and the "uaccess" tag: devices with this tag set should automagically get an ACL entry that gives access to users with active sessions. This works brilliantly for seat0, but not for seat1 (and above, I presume). E.g. P: /devices/virtual/misc/rfkill N: rfkill L: 0 E: DEVPATH=/devices/virtual/misc/rfkill E: SUBSYSTEM=misc E: DEVNAME=/dev/rfkill E: MAJOR=10 E: MINOR=242 E: USEC_INITIALIZED=954210 E: SYSTEMD_WANTS=systemd-rfkill.socket E: TAGS=:systemd:uaccess:seat:shared: E: CURRENT_TAGS=:systemd:uaccess:seat:shared:
There is no ID_SEAT, so this device belongs to seat0 by default.
At login screens: # file: dev/rfkill # owner: root # group: root user::rw- user:gdm:rw- # *** [my emph.] group::rw- mask::rw- other::rw- Logged in on seat0: At login screens: # file: dev/rfkill # owner: root # group: root user::rw- user:chris:rw- # *** ["switches" to user] group::rw- mask::rw- other::rw- Logged in on seat1 instead: # file: dev/rfkill # owner: root # group: root user::rw- user:gdm:rw- # *** [sticks to gdm] group::rw- mask::rw- other::rw-
This device belongs to seat0, so it is ignored when requested to change permissions for seat1.
The GNOME BT control panel doesn't work unless the logged-in user has write access to /dev/rfkill, which is how I originally came across this. But it's the same for the /dev/dri/renderD* devices. The seat to which the matching card belongs has access some other way, but the other seat does not; if you do give both seats access, both can use both cards in vulkan applications, for example. I see there are other files under /dev that have the ACL "+", looks like it's the same for them. (I wonder if that's why I can't switch virtual consoles on seat1 even though fbcon is mapped to that.) Anyway, I know I can just override the permissions or use the old group way of doing things, but I'd prefer to fix things properly. The symptoms of wrong device permissions can be insidious.
You need to assign your device to the correct seat.
