systemd/apply-ACL-for-nvidia-device-nodes.patch

38 lines
1.3 KiB
Diff

From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Mon, 8 Apr 2013 14:51:47 +0200
Subject: apply ACL for nvidia device nodes
set ACL on nvidia devices (bnc#808319).
---
src/login/logind-acl.c | 3 +++
1 file changed, 3 insertions(+)
Accepting request 176957 from home:fcrozat:branches:Base:System - Update to release 204: + systemd-nspawn creates etc/resolv.conf in container if needed. + systemd-nspawn will store metadata about container in container cgroup including its root directory. + cgroup hierarchy has been reworked, all objects are now suffixed (with .session for user sessions, .user for users, .nspawn for containers). All cgroup names are now escaped to prevent collision of object names. + systemctl list-dependencies gained --plain, --reverse, --after and --before switches. + systemd-inhibit shows processes name taking inhibitor lock. + nss-myhostname will now resolve "localhost" implicitly. + .include is not allowed recursively anymore and only in unit files. Drop-in files should be favored in most cases. + systemd-analyze gained "critical-chain" command, to get slowest chain of units run during boot-up. + systemd-nspawn@.service has been added to easily run nspawn container for system services. Just start "systemd-nspawn@foobar.service" and container from /var/lib/container/foobar" will be booted. + systemd-cgls has new --machine parameter to list processes from one container. + ConditionSecurity= can now check for apparmor and SMACK. + /etc/systemd/sleep.conf has been introduced to configure which kernel operation will be executed when "suspend", "hibernate" or "hybrid-sleep" is requested. It allows new kernel "freeze" state to be used too. (This setting won't have any effect if pm-utils is installed). + ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape passed argument if applicable. OBS-URL: https://build.opensuse.org/request/show/176957 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=388
2013-05-29 17:26:40 +02:00
Index: systemd-208/src/login/logind-acl.c
===================================================================
--- systemd-208.orig/src/login/logind-acl.c
+++ systemd-208/src/login/logind-acl.c
@@ -287,6 +287,22 @@ int devnode_acl_all(struct udev *udev,
Accepting request 184036 from home:elvigia:branches:Base:System - version 206, highlights: * Unit files now understand the new %v specifier which resolves to the kernel version string as returned by "uname-r". * "journalctl -b" may now be used to look for boot output of a specific boot. Try "journalctl -b -1" * Creation of "dead" device nodes has been moved from udev into kmod and tmpfiles. * The udev "keymap" data files and tools to apply keyboard specific mappings of scan to key codes, and force-release scan code lists have been entirely replaced by a udev "keyboard" builtin and a hwdb data file. - remove patches now in upstream - systemd now requires libkmod >=14 and cryptsetup >= 1.6.0 - systemd now requires the kmod tool in addition to the library. - version 206, highlights: * Unit files now understand the new %v specifier which resolves to the kernel version string as returned by "uname-r". * "journalctl -b" may now be used to look for boot output of a specific boot. Try "journalctl -b -1" * Creation of "dead" device nodes has been moved from udev into kmod and tmpfiles. * The udev "keymap" data files and tools to apply keyboard specific mappings of scan to key codes, and force-release scan code lists have been entirely replaced by a udev "keyboard" builtin and a hwdb data file. - remove patches now in upstream - systemd now requires libkmod >=14 and cryptsetup >= 1.6.0 - systemd now requires the kmod tool in addition to the library. (forwarded request 184035 from elvigia) OBS-URL: https://build.opensuse.org/request/show/184036 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=416
2013-07-23 11:21:21 +02:00
r = devnode_acl(n, flush, del, old_uid, add, new_uid);
}
+ /* only apply ACL on nvidia* if /dev/nvidiactl exists */
+ if (devnode_acl("/dev/nvidiactl", flush, del, old_uid, add, new_uid) >= 0) {
+ int i;
+ char *devname;
+
+ for (i = 0; i <= 256 ; i++) {
+ if (asprintf(&devname, "/dev/nvidia%d", i) < 0)
+ break;
+ if (devnode_acl(devname, flush, del, old_uid, add, new_uid) < 0) {
+ free(devname);
+ break;
+ }
+ free(devname);
+ }
+ }
+
finish:
udev_enumerate_unref(e);
set_free_free(nodes);
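
Review bot: the added nvidia block drops the result of every devnode_acl() call and breaks out of the `for (i = 0; i <= 256 ; i++)` loop on the first negative return, so a failure on one /dev/nvidiaN leaves all higher-numbered nodes unprocessed, including the `del`/`old_uid` removal, and the previous user can keep an ACL entry on them while the function reports nothing through `r` (unlike the `r = devnode_acl(n, ...)` call just above). The `>= 0` test on /dev/nvidiactl also treats every negative return alike, although the comment only means to skip the block when the node is absent. I would separate "node does not exist" from other errors, continue past a missing node rather than stopping, and keep the first real error in `r`. Smaller points: `i <= 256` tries 257 names, so use `i < 256` if 256 nodes are intended, and a fixed-size stack buffer filled with snprintf would remove the asprintf/free pairs. Since the surrounding function works from a udev enumeration (`udev_enumerate_unref(e)`), a comment explaining why these nodes need hard-coded paths would help the next reader.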