commit 23994e8ab329c1d1d89d142cb5de40b2ac4dcd89
parent 39dd2678cf845fdd69e277f998afbbaf9345e88c
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date: Mon, 1 Aug 2022 06:11:34 +0200
Add mdevd configuration
Diffstat:
5 files changed, 166 insertions(+), 2 deletions(-)
diff --git a/etc/mdevd.conf b/etc/mdevd.conf
@@ -0,0 +1,141 @@
+#
+# This is a sample mdev.conf.
+#
+
+# Devices:
+# Syntax: %s %d:%d %s
+# devices user:group mode
+
+$MODALIAS=.* root:root 0660 @modprobe -q -b "$MODALIAS"
+
+# null does already exist; therefore ownership has to be changed with command
+null root:root 0666 @chmod 666 $MDEV
+zero root:root 0666
+grsec root:root 0660
+full root:root 0666
+
+random root:root 0666
+urandom root:root 0444
+hwrandom root:root 0660
+
+console root:tty 0600
+
+# load frambuffer console when first frambuffer is found
+fb0 root:video 0660 @modprobe -q -b fbcon
+vchiq root:video 0660
+
+fd0 root:floppy 0660
+kmem root:root 0640
+mem root:root 0640
+port root:root 0640
+ptmx root:tty 0666
+
+# Kernel-based Virtual Machine.
+kvm root:kvm 660
+
+# ram.*
+ram([0-9]*) root:disk 0660 >rd/%1
+loop([0-9]+) root:disk 0660 >loop/%1
+
+# persistent storage
+dasd.* root:disk 0660 */lib/mdev/persistent-storage
+mmcblk.* root:disk 0660 */lib/mdev/persistent-storage
+nbd.* root:disk 0660 */lib/mdev/persistent-storage
+nvme.* root:disk 0660 */lib/mdev/persistent-storage
+sd[a-z].* root:disk 0660 */lib/mdev/persistent-storage
+sr[0-9]+ root:cdrom 0660 */lib/mdev/persistent-storage
+vd[a-z].* root:disk 0660 */lib/mdev/persistent-storage
+xvd[a-z].* root:disk 0660 */lib/mdev/persistent-storage
+
+md[0-9] root:disk 0660
+
+tty root:tty 0666
+tty[0-9] root:root 0600
+tty[0-9][0-9] root:tty 0660
+ttyS[0-9]* root:uucp 0660
+pty.* root:tty 0660
+vcs[0-9]* root:tty 0660
+vcsa[0-9]* root:tty 0660
+
+# rpi bluetooth
+#ttyAMA0 root:tty 660 @btattach -B /dev/$MDEV -P bcm -S 115200 -N &
+
+ttyACM[0-9] root:dialout 0660 @ln -sf $MDEV modem
+ttyUSB[0-9] root:dialout 0660 @ln -sf $MDEV modem
+ttyLTM[0-9] root:dialout 0660 @ln -sf $MDEV modem
+ttySHSF[0-9] root:dialout 0660 @ln -sf $MDEV modem
+slamr root:dialout 0660 @ln -sf $MDEV slamr0
+slusb root:dialout 0660 @ln -sf $MDEV slusb0
+fuse root:root 0666
+
+# dri device
+dri/.* root:video 0660
+card[0-9] root:video 0660 =dri/
+
+# alsa sound devices and audio stuff
+pcm.* root:audio 0660 =snd/
+control.* root:audio 0660 =snd/
+midi.* root:audio 0660 =snd/
+seq root:audio 0660 =snd/
+timer root:audio 0660 =snd/
+
+adsp root:audio 0660 >sound/
+audio root:audio 0660 >sound/
+dsp root:audio 0660 >sound/
+mixer root:audio 0660 >sound/
+sequencer.* root:audio 0660 >sound/
+
+SUBSYSTEM=sound;.* root:audio 0660
+
+# PTP devices
+ptp[0-9] root:root 0660 */lib/mdev/ptpdev
+
+# virtio-ports
+SUBSYSTEM=virtio-ports;vport.* root:root 0600 @mkdir -p virtio-ports; ln -sf ../$MDEV virtio-ports/$(cat /sys/class/virtio-ports/$MDEV/name)
+
+# misc stuff
+agpgart root:root 0660 >misc/
+psaux root:root 0660 >misc/
+rtc root:root 0664 >misc/
+
+# input stuff
+event[0-9]+ root:input 0640 =input/
+mice root:input 0640 =input/
+mouse[0-9] root:input 0640 =input/
+js[0-9] root:input 0640 =input/
+ts[0-9] root:input 0600 =input/
+
+# v4l stuff
+vbi[0-9] root:video 0660 >v4l/
+video[0-9]+ root:video 0660 >v4l/
+
+# dvb stuff
+dvb.* root:video 0660 */lib/mdev/dvbdev
+
+# load drivers for usb devices
+usb[0-9]+ root:root 0660 */lib/mdev/usbdev
+
+# net devices
+# 666 is fine: https://www.kernel.org/doc/Documentation/networking/tuntap.txt
+net/tun[0-9]* root:netdev 0666
+net/tap[0-9]* root:netdev 0666
+
+# zaptel devices
+zap(.*) root:dialout 0660 =zap/%1
+dahdi!(.*) root:dialout 0660 =dahdi/%1
+dahdi/(.*) root:dialout 0660 =dahdi/%1
+
+# raid controllers
+cciss!(.*) root:disk 0660 =cciss/%1
+cciss/(.*) root:disk 0660 =cciss/%1
+ida!(.*) root:disk 0660 =ida/%1
+ida/(.*) root:disk 0660 =ida/%1
+rd!(.*) root:disk 0660 =rd/%1
+rd/(.*) root:disk 0660 =rd/%1
+
+# tape devices
+nst[0-9]+.* root:tape 0660
+st[0-9]+.* root:tape 0660
+
+# fallback for any!device -> any/device
+(.*)!(.*) root:root 0660 =%1/%2
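Review bot: The virtio-ports rule in this new file expands `$(cat /sys/class/virtio-ports/$MDEV/name)` unquoted inside a command that mdevd presumably runs as root. The port name is set by the VM configuration rather than by the guest, so a name containing whitespace is word-split and a name containing `/` can place the symlink outside `virtio-ports/`. I would read the name into a variable, skip empty values and values containing `/`, and quote the rest: `n=$(cat "/sys/class/virtio-ports/$MDEV/name"); case "$n" in ''|*/*) ;; *) ln -sf "../$MDEV" "virtio-ports/$n";; esac`. A one-line comment above the rule saying the name is externally supplied would help the next editor keep that check.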
diff --git a/postinstall.aat b/postinstall.aat
@@ -94,6 +94,10 @@ CN # Managed by /usr/src/core-system
/etc/group +
|line_append_file("sshd:x", ":22:", "", "^[^:]*:[^:]*")
|line_append_file("ccx:x", ":1000:", "", "^[^:]*:[^:]*")
+# Groups for /dev permissions (mdevd.conf): disk, input, uucp
+|line_append_file("disk:x", ":6:", "root,adm,haldaemon", "^[^:]*:[^:]*")
+|line_append_file("input:x", ":966:", "", "^[^:]*:[^:]*")
+|line_append_file("uucp:x", ":14:", "", "^[^:]*:[^:]*")
/etc/passwd f +
?i grep -q '^root:.*:{<root_shell>}$'
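Review bot: The new `disk` entry adds `adm` and `haldaemon` as members, and the mdevd.conf added in this commit sets `root:disk 0660` on `sd*`, `nvme*`, `mmcblk*` and the other block devices. Both accounts therefore get raw read/write access to every disk, which bypasses filesystem permissions. Unless something on this system needs that, I would create the group with no extra members, `|line_append_file("disk:x", ":6:", "", "^[^:]*:[^:]*")`, and add members per host where required. The comment lists only disk, input and uucp, while mdevd.conf also names tty, video, floppy, kvm, cdrom, dialout, audio, netdev and tape. If those are not defined outside this hunk, it is worth checking how mdevd treats a rule with an unknown group.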
diff --git a/postinstall.fileset b/postinstall.fileset
@@ -49,6 +49,25 @@ CN # Managed by /usr/src/core-system
else
printf '%s\n' 'ccx:x:1000:' >> "$fname"
fi
+# Groups for /dev permissions (mdevd.conf): disk, input, uucp
+? grep -qEe '^disk:x:6:root,adm,haldaemon$' "$fname"
+! if grep -qEe '^[^:]*:[^:]*:6:' "$fname"; then
+ sed -ire 's|^[^:]*:[^:]*:6:|disk:x:6:root,adm,haldaemon|' "$fname"
+ else
+ printf '%s\n' 'disk:x:6:root,adm,haldaemon' >> "$fname"
+ fi
+? grep -qEe '^input:x:966:$' "$fname"
+! if grep -qEe '^[^:]*:[^:]*:966:' "$fname"; then
+ sed -ire 's|^[^:]*:[^:]*:966:|input:x:966:|' "$fname"
+ else
+ printf '%s\n' 'input:x:966:' >> "$fname"
+ fi
+? grep -qEe '^uucp:x:14:$' "$fname"
+! if grep -qEe '^[^:]*:[^:]*:14:' "$fname"; then
+ sed -ire 's|^[^:]*:[^:]*:14:|uucp:x:14:|' "$fname"
+ else
+ printf '%s\n' 'uucp:x:14:' >> "$fname"
+ fi
/etc/passwd f +
?i grep -q '^root:.*:/bin/zsh$'
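Review bot: The `sed` replacement for the three added groups matches only the `name:passwd:gid:` prefix but substitutes the whole desired line, so an existing `disk:x:6:root` becomes `disk:x:6:root,adm,haldaemonroot` and the `?` check keeps failing on later runs; the 966 and 14 entries have the same problem. Extending the pattern to the end of the line fixes it: `sed -i -E 's|^[^:]*:[^:]*:6:.*$|disk:x:6:root,adm,haldaemon|' "$fname"`. As far as I can tell, GNU and BusyBox sed also parse `-ire` as `-i` with backup suffix `re`, not as `-i -r -e`, which leaves a stray copy of the file with `re` appended to its name. The context lines suggest the earlier entries follow the same template, so if this file is generated from postinstall.aat the fix belongs in `line_append_file`.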
diff --git a/s6-rc.aat b/s6-rc.aat
@@ -270,7 +270,7 @@ m644
/mdevd/notification-fd c 3 m644
/mdevd/run
C #!/command/execlineb -P
- mdevd -D 3
+ mdevd -D 3 -f /current/conf/etc/mdevd.conf
m755
/openrc d m755
diff --git a/s6-rc.fileset b/s6-rc.fileset
@@ -488,7 +488,7 @@ m644
/mdevd/notification-fd c 3 m644
/mdevd/run
C #!/command/execlineb -P
- mdevd -D 3
+ mdevd -D 3 -f /current/conf/etc/mdevd.conf
m755
/openrc d m755