From c874e22e0da6f87aa72ade635f11421e6ecb6e48 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Thu, 14 Jul 2011 02:02:35 +0200 Subject: [PATCH] udev-acl: skip ACLs when systemd is running, disable by default --- Makefile.am | 2 +- configure.ac | 28 +++++++++---------- .../{70-acl.rules => 70-udev-acl.rules} | 3 ++ 3 files changed, 18 insertions(+), 15 deletions(-) rename extras/udev-acl/{70-acl.rules => 70-udev-acl.rules} (95%) diff --git a/Makefile.am b/Makefile.am index 0599bb24c..d2e9b855f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -360,7 +360,7 @@ if ENABLE_UDEV_ACL extras_udev_acl_udev_acl_SOURCES = extras/udev-acl/udev-acl.c extras_udev_acl_udev_acl_CPPFLAGS = $(AM_CPPFLAGS) $(GLIB_CFLAGS) extras_udev_acl_udev_acl_LDADD = libudev/libudev-private.la -lacl $(GLIB_LIBS) -dist_udevrules_DATA += extras/udev-acl/70-acl.rules +dist_udevrules_DATA += extras/udev-acl/70-udev-acl.rules libexec_PROGRAMS += extras/udev-acl/udev-acl udevacl-install-hook: diff --git a/configure.ac b/configure.ac index 7bdb22904..d1327ab5d 100644 --- a/configure.ac +++ b/configure.ac @@ -126,20 +126,6 @@ if test "x$enable_hwdb" = xyes; then fi AM_CONDITIONAL([ENABLE_HWDB], [test "x$enable_hwdb" = xyes]) -# ------------------------------------------------------------------------------ -# udev_acl - apply ACLs for users with local forground sessions -# ------------------------------------------------------------------------------ -AC_ARG_ENABLE([udev_acl], - AS_HELP_STRING([--disable-udev_acl], [disable local user acl permissions support]), - [], [enable_udev_acl=yes]) -if test "x$enable_udev_acl" = xyes; then - AC_CHECK_LIB([acl], [acl_init], [:], AC_MSG_ERROR([libacl not found])) - AC_CHECK_HEADER([acl/libacl.h], [:], AC_MSG_ERROR([libacl header not found])) - - PKG_CHECK_MODULES([GLIB], [glib-2.0 >= 2.22.0 gobject-2.0 >= 2.22.0]) -fi -AM_CONDITIONAL([ENABLE_UDEV_ACL], [test "x$enable_udev_acl" = xyes]) - # ------------------------------------------------------------------------------ # GUdev - libudev gobject interface # ------------------------------------------------------------------------------ @@ -183,6 +169,20 @@ if test "x$enable_keymap" = xyes; then fi AM_CONDITIONAL([ENABLE_KEYMAP], [test "x$enable_keymap" = xyes]) +# ------------------------------------------------------------------------------ +# udev_acl - apply ACLs for users with local forground sessions +# ------------------------------------------------------------------------------ +AC_ARG_ENABLE([udev_acl], + AS_HELP_STRING([--enable-udev_acl], [enable local user acl permissions support]), + [], [enable_udev_acl=no]) +if test "x$enable_udev_acl" = xyes; then + AC_CHECK_LIB([acl], [acl_init], [:], AC_MSG_ERROR([libacl not found])) + AC_CHECK_HEADER([acl/libacl.h], [:], AC_MSG_ERROR([libacl header not found])) + + PKG_CHECK_MODULES([GLIB], [glib-2.0 >= 2.22.0 gobject-2.0 >= 2.22.0]) +fi +AM_CONDITIONAL([ENABLE_UDEV_ACL], [test "x$enable_udev_acl" = xyes]) + # ------------------------------------------------------------------------------ # create_floppy_devices - historical floppy kernel device nodes (/dev/fd0h1440, ...) # ------------------------------------------------------------------------------ diff --git a/extras/udev-acl/70-acl.rules b/extras/udev-acl/70-udev-acl.rules similarity index 95% rename from extras/udev-acl/70-acl.rules rename to extras/udev-acl/70-udev-acl.rules index 5dc5ed0bf..2dac28310 100644 --- a/extras/udev-acl/70-acl.rules +++ b/extras/udev-acl/70-udev-acl.rules @@ -6,6 +6,9 @@ ENV{MAJOR}=="", GOTO="acl_end" ACTION=="remove", GOTO="acl_apply" +# systemd replaces udev-acl entirely, skip if active +TEST=="/sys/fs/cgroup/systemd", TAG=="uaccess", GOTO="acl_end" + # PTP/MTP protocol devices, cameras, portable media players SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="udev-acl"