udev and access control lists

udev and access control lists

[Christoph Anton Mitterer]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everybody.

I've got two questions/problems. But first of all I'm using kernel
version 2.6.10 (with some patches like pwc, perfctr and so on but I
don't think anyone of them touches my problem). My udev version is 050.

I'd like to set some ACLs one some devicefiles so I tried the
following (of course with uid 0 ;-) ):

$ setfacl -m u:cam:r /dev/hdc
setfacl: /dev/hdc: Operation not supported


mount(8) shows the following:

/dev/hda1 on / type xfs (rw,noatime)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,modeb0)
tmpfs on /dev/shm type tmpfs (rw)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/hda3 on /var type xfs (rw)
/dev on /.dev type unknown (rw,bind)
none on /dev type tmpfs (rw,size=5M,mode\a55)


/proc/mounts this:
rootfs / rootfs rw 0 0
/dev/root / xfs rw,noatime,usrquota 0 0
proc /proc proc rw,nodiratime 0 0
sysfs /sys sysfs rw 0 0
usbfs /proc/bus/usb usbfs rw 0 0
/dev/root /.dev xfs rw,noatime,usrquota 0 0
none /dev tmpfs rw 0 0
devpts /dev/pts devpts rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/hda3 /var xfs rw 0 0


According to mount's output I thought that my /dev/ is mounted on a
tmpfs filesystem. Is this the case?

So I looked through the kernel-config an found EAs for tmpfs but not
ACLs... :-(
Is it under development or is there another solution?


By the way,.. is it possible to configure udev in such a way that it
automatically sets ACLs?

Lots of thanks in advance and greetings,
cam.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB3GgVmstaume4L0MRAlO/AJ45kj+3/JrKB4oDHGi0KFS4qOl7CgCfVgie
XubmTu1YtnCM4ZBVd+4a+cA=FYpW
-----END PGP SIGNATURE-----



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

Re: udev and access control lists

[Kay Sievers]

On Wed, 2005-01-05 at 23:20 +0100, Christoph Anton Mitterer wrote:

> I'd like to set some ACLs one some devicefiles so I tried the
> following (of course with uid 0 ;-) ):

> $ setfacl -m u:cam:r /dev/hdc
> setfacl: /dev/hdc: Operation not supported

> According to mount's output I thought that my /dev/ is mounted on a
> tmpfs filesystem. Is this the case?

Yes, seems so.

> So I looked through the kernel-config an found EAs for tmpfs but not
> ACLs... :-(
> Is it under development or is there another solution?

I don't think so. EA's were just recently added to support SELinux.
Seems you need to use a different filesystem for ACL's.

> By the way,.. is it possible to configure udev in such a way that it
> automatically sets ACLs?

You can create a dev.d/ script which is called on node creation time to
do this.

Kay



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

Re: udev and access control lists

[Christoph Anton Mitterer]

[-- Attachment #1: Type: text/plain, Size: 943 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kay Sievers wrote:
|> According to mount's output I thought that my /dev/ is mounted on a
tmpfs filesystem. Is this the case?
| Yes, seems so.
Hmm the problem is that the Debian udev package seems to do this
automatically,... I'm going to ask the maintainer why he chose that way...

|> So I looked through the kernel-config an found EAs for tmpfs but
not ACLs... :-(
|> Is it under development or is there another solution?
| I don't think so. EA's were just recently added to support SELinux.
| Seems you need to use a different filesystem for ACL's.
Hmm well when I create some nodes for example on a xfs filesystem it
works,... but I'd like to keep on using the Debian package ;)

Thanks anyway,
cam.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB3Saamstaume4L0MRAsxKAJ9vheDi6vanwzW1cZlYxifZhMIpHgCeKqUT
Ej9YGVfVdVeSkjdUcDn/xDQ=
=sHpp
-----END PGP SIGNATURE-----


[-- Attachment #2: cam.vcf --]
[-- Type: text/x-vcard, Size: 450 bytes --]

begin:vcard
fn:Mitterer, Christoph Anton
n:Mitterer;Christoph Anton
org:Munich University of Applied Sciences;Department of Mathematics and Computer Science
adr;quoted-printable;quoted-printable:;;Lothstra=C3=9Fe 34;M=C3=BCnchen;Freistaat Bayern;80335;Federal Republic of Germany
email;internet:cam@mathematica.scientia.net
tel;home:+49 89 24409390
tel;cell:+49 172 8617341
x-mozilla-html:TRUE
url:http://fhm.edu/
version:2.1
end:vcard

Re: udev and access control lists

[Christoph Anton Mitterer]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Excuse me for the strange quotes,... don't know why my Thunderbird did
that.... :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB3SrCmstaume4L0MRAirqAKCQLpMPTTt56o2VAen8dyNMl63SCgCgvCZQ
rzIUXbb/hgAYSHK3NX7zAA8=yUG9
-----END PGP SIGNATURE-----



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel