Re: [systemd-devel] How to unset "uaccess" tag in udev rule?

2017-03-27 Thread David Herrmann 
Hi

On Sun, Mar 26, 2017 at 8:07 PM, Manuel Reimer
 wrote:
> On 03/25/2017 05:16 PM, David Herrmann wrote:

 So far I did this by creating an empty file with the same name in
 /etc/udev/rules.d which works well, but for no reason the name was
 changed some time ago which overrides my empty file and reactivates
 the problematic rule.
>>>
>>> That's the only way. Tags cannot be unset.
>>
>>
>> Use TAG-="foobar".
>
>
> I've tried that and it doesn't work.

The `-=' operator was introduced for exactly this use-case (which the
commit I quoted should explain). If it does not work, it has to be
fixed. Last time I checked, it worked.

Hence, if you need help using it, please give us as much information
as possible. Please verify the operator works with something that is
not already used (set some random TAG and remove it again, check with
`udevadm` whether it works).

If you have no clue how to debug it yourself, please specify _what_
you changed, what systemd version / distro / etc., you're running, so
we can reproduce it and help you further.

Thanks
David
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] How to unset "uaccess" tag in udev rule?

2017-03-25 Thread David Herrmann 
Hi

On Tue, Mar 14, 2017 at 10:44 PM, Zbigniew Jędrzejewski-Szmek
 wrote:
> On Sun, Mar 12, 2017 at 07:38:13PM +0100, Manuel Reimer wrote:
>> Hello,
>>
>> my distributor sets the following rule in /usr/lib/udev/rules.d:
>>
>> KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput",
>> TAG+="uaccess"
>>
>> I think this is not a good idea and that there is a good reason why
>> users can't create uinput devices, so I want to get rid of that
>> rule.
>>
>> So far I did this by creating an empty file with the same name in
>> /etc/udev/rules.d which works well, but for no reason the name was
>> changed some time ago which overrides my empty file and reactivates
>> the problematic rule.
> That's the only way. Tags cannot be unset.

Use TAG-="foobar".

Thanks
David


commit 8e3ba3772cadf6a8292b0da533062dd4d377af67
Author: David Herrmann 
Date:   Thu Sep 11 13:25:21 2014 +0200

udev: allow removing tags via TAG-="foobar"

This extends the udev parser to support OP_REMOVE (-=) and adds support
for TAG-= to remove previously set tags. We don't fail if the tag didn't
exist.

This is pretty handy if we ship default rules for seat-assignments and
users want to exclude specific devices from that. They can easily add
rules that drop any automatically added "seat" tags again.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] How to unset "uaccess" tag in udev rule?

2017-03-14 Thread Zbigniew Jędrzejewski-Szmek 
On Sun, Mar 12, 2017 at 07:38:13PM +0100, Manuel Reimer wrote:
> Hello,
> 
> my distributor sets the following rule in /usr/lib/udev/rules.d:
> 
> KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput",
> TAG+="uaccess"
> 
> I think this is not a good idea and that there is a good reason why
> users can't create uinput devices, so I want to get rid of that
> rule.
> 
> So far I did this by creating an empty file with the same name in
> /etc/udev/rules.d which works well, but for no reason the name was
> changed some time ago which overrides my empty file and reactivates
> the problematic rule.
That's the only way. Tags cannot be unset.

Zbyszek
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] How to unset "uaccess" tag in udev rule?

2017-03-12 Thread Manuel Reimer 

Hello,

my distributor sets the following rule in /usr/lib/udev/rules.d:

KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS+="static_node=uinput", 
TAG+="uaccess"


I think this is not a good idea and that there is a good reason why 
users can't create uinput devices, so I want to get rid of that rule.


So far I did this by creating an empty file with the same name in 
/etc/udev/rules.d which works well, but for no reason the name was 
changed some time ago which overrides my empty file and reactivates the 
problematic rule.


What I want is some rule in /etc/udev/rules.d which nullifies the above 
rule independent on which name the rule file, which creates it, has.


Is this possible and if: How? I tried the following in a file 
"/etc/udev/rules.d/99-no-uinput-uaccess.rules:


KERNEL=="uinput", SUBSYSTEM=="misc", OPTIONS-="static_node=uinput", 
TAG-="uaccess"


But it doesn't work. Still get the ACL which allows users to write to 
that device.


Thanks in advance.

Manuel

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel