From 1e6854e112e9723be6108b83f6935ec7e04cea17 Mon Sep 17 00:00:00 2001 From: Carolina Jubran Date: Mon, 16 Feb 2026 11:24:53 +0200 Subject: [PATCH] udev: grant read access to PTP devices for unprivileged users Change the default udev rule for /dev/ptp* from 0660 to 0664, allowing unprivileged users read-only access. NIC telemetry and hardware logs often use device timestamps that must be correlated with host time via read-only PTP ioctls (e.g. cross-timestamp queries). Requiring privileged access makes these workflows unnecessarily restrictive. Older kernels lacked proper permission checks in some PTP ioctls. Kernel commit b4e53b15c04e3852949003752f48f7a14ae39e86 ("ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE.") introduces the necessary file mode validation, ensuring that read access does not permit clock modification or configuration changes, which still require write permissions. This commit has been backported to all actively maintained stable kernel branches. Related to #31034 --- NEWS | 10 ++++++++++ rules.d/50-udev-default.rules.in | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 4c249c8f00c..15de4ce6cff 100644 --- a/NEWS +++ b/NEWS @@ -161,6 +161,16 @@ CHANGES WITH 260 in spe: * resolvectl now uses varlink to connect to systemd-resolved. + systemd-udevd: + + * Permissions for /dev/ptp* are now set to 0664 (previously 0660), + allowing unprivileged read-only access. This relies on the kernel fix + "ptp: Add PHC file mode checks. Allow RO adjtime() without + FMODE_WRITE." (commit b4e53b15c04e), which adds missing PTP ioctl + permission checks and keeps clock-modifying operations + write-restricted. Systems running stable kernel branches should + ensure they are updated to patch levels that include this fix. + Changes in other components: * systemd-repart gained basic support for integrity checks of encrypted 
diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in index ec0dd38e702..22b38f5f115 100644 --- a/rules.d/50-udev-default.rules.in +++ b/rules.d/50-udev-default.rules.in @@ -31,7 +31,7 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id" SUBSYSTEM=="net", IMPORT{builtin}="net_driver" -SUBSYSTEM=="ptp", GROUP="clock", MODE="0660" +SUBSYSTEM=="ptp", GROUP="clock", MODE="0664" SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm" SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv" SUBSYSTEM=="ptp", ATTR{clock_name}=="ptp_vmw", SYMLINK+="ptp_vmware" -- 2.47.3
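Review bot: In the NEWS hunk, the closing sentence ("Systems running stable kernel branches should ensure they are updated to patch levels that include this fix.") leaves an administrator on a kernel without commit b4e53b15c04e with no stated fallback. Since the entry itself says the 0664 default relies on that kernel fix, it should also say that the previous behaviour can be restored with a local rule carrying the old line, `SUBSYSTEM=="ptp", GROUP="clock", MODE="0660"`, so that the safe option is documented next to the warning. The entry also gives only the abbreviated hash; quoting the full one from the commit message (b4e53b15c04e3852949003752f48f7a14ae39e86) would make it unambiguous to look up.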
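Review bot: In rules.d/50-udev-default.rules.in, the changed line `SUBSYSTEM=="ptp", GROUP="clock", MODE="0664"` applies unconditionally and carries no comment, while the commit message states that older kernels lacked permission checks in some PTP ioctls. On such a kernel this default makes /dev/ptp* readable by every local user without the file mode validation the change depends on. Please add a comment above the rule naming the kernel commit (b4e53b15c04e) that world-read access depends on, so that anyone reading or overriding the rules file sees the dependency without having to find the NEWS entry. Since the rule lives in a `.in` template, it is also worth considering whether the mode should be a build-time substitution, which would let distributions that ship kernels without the fix keep 0660.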