From: Gibeom Gwon <gb.gwon@stackframe.dev>
Date: Mon, 12 Jul 2021 17:57:43 +0000 (+0900)
Subject: homed: allow systemd-homed access to FIDO2 devices
X-Git-Tag: v250-rc1~956
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85e424c0c852fcb92d108494a6efa9dd0ce943b2;p=thirdparty%2Fsystemd.git

homed: allow systemd-homed access to FIDO2 devices

Add DeviceAllow= option for FIDO2 devices in systemd-homed.service.
---

diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in
index 678bbab65c4..0576f846974 100644
--- a/units/systemd-homed.service.in
+++ b/units/systemd-homed.service.in
@@ -20,6 +20,7 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FS
 DeviceAllow=/dev/loop-control rw
 DeviceAllow=/dev/mapper/control rw
 DeviceAllow=block-* rw
+DeviceAllow=char-hidraw rw
 ExecStart={{ROOTLIBEXECDIR}}/systemd-homed
 IPAddressDeny=any
 KillMode=mixed