tmpfiles: override permissions of static nodes that need this

Fixes #13350.

diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
index 580b8971a6687058c4c510c7de3ae869ce43154f..50747a19881d8adbe1433978123507a3f26bdcfc 100644 (file)
--- a/rules/50-udev-default.rules.in
+++ b/rules/50-udev-default.rules.in
@@ -39,6 +39,9 @@ SUBSYSTEM=="cec", GROUP="video"
 SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="@GROUP_RENDER_MODE@"
 SUBSYSTEM=="kfd", GROUP="render", MODE="@GROUP_RENDER_MODE@"
 
+# When using static_node= with non-default permissions, also update
+# tmpfiles.d/static-nodes-permissions.conf.in to keep permissions synchronized.
+
 SUBSYSTEM=="sound", GROUP="audio", \
   OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
 

diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
index f14b4fc6dffc6e2291a8b5b42709304eef50055a..e77f46d06b77fbe3fbe2514db07d60849c6e9f0a 100644 (file)
--- a/tmpfiles.d/meson.build
+++ b/tmpfiles.d/meson.build
@@ -24,26 +24,33 @@ foreach pair : tmpfiles
         endif
 endforeach
 
-m4_files = [['etc.conf',             ''],
-            ['systemd.conf',         ''],
-            ['var.conf',             ''],
-           ]
+in_files = ['static-nodes-permissions.conf']
 
-foreach pair : m4_files
-        if not enable_tmpfiles
-                # do nothing
-        elif pair[1] == '' or conf.get(pair[1]) == 1
+foreach file : in_files
+        gen = configure_file(
+                input : file + '.in',
+                output : file,
+                configuration : substs)
+        if enable_tmpfiles
+                install_data(gen,
+                             install_dir : tmpfilesdir)
+        endif
+endforeach
+
+m4_files = ['etc.conf',
+            'systemd.conf',
+            'var.conf']
+
+foreach file : m4_files
+        if enable_tmpfiles
                 custom_target(
-                        'tmpfiles.d_' + pair[0],
-                         input : pair[0] + '.m4',
-                         output: pair[0],
+                        'tmpfiles.d_' + file,
+                         input : file + '.m4',
+                         output: file,
                          command : [meson_apply_m4, config_h, '@INPUT@'],
                          capture : true,
                          install : true,
                          install_dir : tmpfilesdir)
-        else
-                message('Not installing tmpfiles.d/@0@.m4 because @1@ is @2@'
-                        .format(pair[0], pair[1], conf.get(pair[1], 0)))
         endif
 endforeach
 

diff --git a/tmpfiles.d/static-nodes-permissions.conf.in b/tmpfiles.d/static-nodes-permissions.conf.in
new file mode 100644 (file)
index 0000000..50cffe2
--- /dev/null
+++ b/tmpfiles.d/static-nodes-permissions.conf.in
@@ -0,0 +1,17 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# This file adds permissions on top of static-nodes.conf generated by
+# kmod-static-nodes.service. Rules specified here should match the
+# permissions specified for udev in 50-udev-default.rules.
+
+z /dev/snd/seq      0660 - audio -
+z /dev/snd/timer    0660 - audio -
+z /dev/loop-control 0660 - disk  -
+z /dev/net/tun      0666 - -     -
+z /dev/fuse         0666 - -     -
+z /dev/kvm          @DEV_KVM_MODE@ - kvm -