Change the default udev rule for /dev/ptp* from 0660 to 0664,
allowing unprivileged users read-only access.

NIC telemetry and hardware logs often use device timestamps that must
be correlated with host time via read-only PTP ioctls (e.g.
cross-timestamp queries). Requiring privileged access makes these
workflows unnecessarily restrictive.

Older kernels lacked proper permission checks in some PTP ioctls.
Kernel commit b4e53b15c04e3852949003752f48f7a14ae39e86 ("ptp: Add PHC
file mode checks. Allow RO adjtime() without FMODE_WRITE.") introduces
the necessary file mode validation, ensuring that read access does not
permit clock modification or configuration changes, which still require
write permissions.

This commit has been backported to all actively maintained stable
kernel branches.

Related to #31034
* resolvectl now uses varlink to connect to systemd-resolved.
+ systemd-udevd:
+
+ * Permissions for /dev/ptp* are now set to 0664 (previously 0660),
+ allowing unprivileged read-only access. This relies on the kernel fix
+ "ptp: Add PHC file mode checks. Allow RO adjtime() without
+ FMODE_WRITE." (commit b4e53b15c04e), which adds missing PTP ioctl
+ permission checks and keeps clock-modifying operations
+ write-restricted. Systems running stable kernel branches should
+ ensure they are updated to patch levels that include this fix.
+
Changes in other components:
* systemd-repart gained basic support for integrity checks of encrypted
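Review bot: The closing sentence of the new systemd-udevd entry ("Systems running stable kernel branches should ensure they are updated to patch levels that include this fix") does not say what happens on a kernel without the fix, nor how to opt out. The commit message states that older kernels lacked permission checks in some PTP ioctls, so on such a kernel the new world-readable mode exposes those ioctls to every local user. Consider stating that consequence in the entry, listing the minimum stable releases that carry commit b4e53b15c04e, and noting that a local rule in /etc/udev/rules.d/ restoring MODE="0660" keeps the previous behaviour for systems that cannot update.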
SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
-SUBSYSTEM=="ptp", GROUP="clock", MODE="0660"
+SUBSYSTEM=="ptp", GROUP="clock", MODE="0664"
SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
SUBSYSTEM=="ptp", ATTR{clock_name}=="ptp_vmw", SYMLINK+="ptp_vmware"
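Review bot: The changed line SUBSYSTEM=="ptp", GROUP="clock", MODE="0664" is applied unconditionally, yet its safety depends on a kernel-side check that udev cannot detect at runtime, and the rules file carries no hint of that dependency. Please add a comment above the rule naming kernel commit b4e53b15c04e as the prerequisite, so that downstream packagers shipping kernels without it know to keep 0660. The comment could also record that write access stays limited to owner and the "clock" group, since that is what keeps clock-modifying operations restricted after this change.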