reformatted patch is here
>From eade2b14853eb56917fcf3ec8c7cfc2af0affdcb Mon Sep 17 00:00:00 2001
From: Oleg Samarin <[email protected]>
Date: Sat, 5 Jan 2013 20:57:56 +0400
Subject: [PATCH 2/2] logind: user access to shared devices
Support ACLs on devices shared between all seats (like /dev/snd/seq):
A user gets permissions on such a device when he/she activates a session on any seat.
He/she loses the permissions when none of his/her sessions is active any more.
---
src/login/71-seat.rules.in | 1 +
src/login/73-seat-late.rules.in | 3 +++
src/login/logind-acl.c | 26 +++++++++++++++++---------
src/login/logind-acl.h | 2 +-
src/login/logind-seat.c | 5 ++++-
5 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/src/login/71-seat.rules.in b/src/login/71-seat.rules.in
index 4f1a9a5..7256d06 100644
--- a/src/login/71-seat.rules.in
+++ b/src/login/71-seat.rules.in
@@ -42,6 +42,7 @@ SUBSYSTEM=="usb", ATTR{idVendor}=="17e9", ATTR{idProduct}=="401a", ATTR{product}
TAG=="seat", ENV{ID_PATH}=="", IMPORT{builtin}="path_id"
TAG=="seat", ENV{ID_FOR_SEAT}=="", ENV{ID_PATH_TAG}!="", ENV{ID_FOR_SEAT}="$env{SUBSYSTEM}-$env{ID_PATH_TAG}"
+TAG=="seat", ENV{ONE_SEAT}="1"
SUBSYSTEM=="input", ATTR{name}=="Wiebetech LLC Wiebetech", RUN+="@rootbindir@/loginctl lock-sessions"
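Review bot: `ONE_SEAT` is introduced here without a comment, and its meaning can only be inferred from 73-seat-late.rules.in, where devices import it from their parent to avoid the `shared` tag. I would add above the rule: `# Mark seat master devices so that they and their children are never treated as shared between seats`. Without it, a later edit to either file can silently change which nodes logind hands out to every seat.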
diff --git a/src/login/73-seat-late.rules.in b/src/login/73-seat-late.rules.in
index 901df75..7777f8e 100644
--- a/src/login/73-seat-late.rules.in
+++ b/src/login/73-seat-late.rules.in
@@ -14,4 +14,7 @@ ENV{ID_SEAT}!="", TAG+="$env{ID_SEAT}"
TAG=="uaccess", ENV{MAJOR}!="", RUN{builtin}+="uaccess"
+ENV{ONE_SEAT}=="", IMPORT{parent}="ONE_SEAT"
+TAG=="uaccess", ENV{ONE_SEAT}!="1", ENV{ID_SEAT}=="", TAG+="shared"
+
LABEL="seat_late_end"
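Review bot: The second added rule makes `shared` the default for every `uaccess` node that has no `ID_SEAT` and no `ONE_SEAT` from its parent, rather than an opt-in for known seat-independent nodes such as /dev/snd/seq. Before this patch devnode_acl_all() treated an empty `ID_SEAT` as `seat0`, so these nodes were granted only to seat0's active user; with this rule they are granted to the active user of every seat. It is worth checking which device classes land in this bucket on a multi-seat machine before widening access this way. The new default should at least be documented above the rule, e.g. `# uaccess devices with no seat of their own and no seat-tagged parent are shared between all seats`.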
diff --git a/src/login/logind-acl.c b/src/login/logind-acl.c
index cb045a9..4b2988a 100644
--- a/src/login/logind-acl.c
+++ b/src/login/logind-acl.c
@@ -174,7 +174,7 @@ finish:
int devnode_acl_all(struct udev *udev,
const char *seat,
bool flush,
- bool del, uid_t old_uid,
+ bool del, bool del_shared, uid_t old_uid,
bool add, uid_t new_uid) {
struct udev_list_entry *item = NULL, *first = NULL;
@@ -208,6 +208,7 @@ int devnode_acl_all(struct udev *udev,
udev_list_entry_foreach(item, first) {
struct udev_device *d;
const char *node, *sn;
+ bool is_shared;
d = udev_device_new_from_syspath(udev, udev_list_entry_get_name(item));
if (!d) {
@@ -215,13 +216,20 @@ int devnode_acl_all(struct udev *udev,
goto finish;
}
- sn = udev_device_get_property_value(d, "ID_SEAT");
- if (isempty(sn))
- sn = "seat0";
-
- if (!streq(seat, sn)) {
- udev_device_unref(d);
- continue;
+ /* all devices with shared tag are accessible with all seats */
+ is_shared = udev_device_has_tag(d, "shared");
+
+ if (is_shared)
+ sn = "shared";
+ else {
+ sn = udev_device_get_property_value(d, "ID_SEAT");
+ if (isempty(sn))
+ sn = "seat0";
+
+ if (!streq(seat, sn)) {
+ udev_device_unref(d);
+ continue;
+ }
}
node = udev_device_get_devnode(d);
@@ -233,7 +241,7 @@ int devnode_acl_all(struct udev *udev,
log_debug("Fixing up %s for seat %s...", node, sn);
- r = devnode_acl(node, flush, del, old_uid, add, new_uid);
+ r = devnode_acl(node, flush, is_shared ? del_shared : del, old_uid, add, new_uid);
udev_device_unref(d);
if (r < 0)
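Review bot: `flush` is passed through unchanged for nodes tagged `shared`; only `del` received a shared-specific counterpart. A caller that sets `flush` while fixing up one seat would therefore wipe the ACL entries that users active on other seats hold on the same node. The caller visible in this patch passes `false`, but any other callers are outside the diff. If no caller needs to flush shared nodes, I would write `r = devnode_acl(node, is_shared ? false : flush, is_shared ? del_shared : del, old_uid, add, new_uid);`. The body of devnode_acl_all continues outside the hunk.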
diff --git a/src/login/logind-acl.h b/src/login/logind-acl.h
index ec09843..fe1183c 100644
--- a/src/login/logind-acl.h
+++ b/src/login/logind-acl.h
@@ -35,7 +35,7 @@ int devnode_acl(const char *path,
int devnode_acl_all(struct udev *udev,
const char *seat,
bool flush,
- bool del, uid_t old_uid,
+ bool del, bool del_shared, uid_t old_uid,
bool add, uid_t new_uid);
#else
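Review bot: Only the prototype in the ACL-enabled branch gets the new `del_shared` parameter; the `#else` branch begins right after it, outside the hunk, and the diffstat shows a single changed line in this header. If that branch carries a stub `devnode_acl_all()` for builds without ACL support, it keeps the old seven-parameter list, and the eight-argument call added in logind-seat.c will not compile there. The stub needs the same `bool del, bool del_shared, uid_t old_uid,` line. A short comment on the prototype saying that `del_shared` takes the place of `del` for nodes tagged `shared` would also help, since two adjacent bools are easy to swap at call sites.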
diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
index 470d08b..a51f5bb 100644
--- a/src/login/logind-seat.c
+++ b/src/login/logind-seat.c
@@ -225,7 +225,10 @@ int seat_apply_acls(Seat *s, Session *old_active) {
r = devnode_acl_all(s->manager->udev,
s->id,
false,
- !!old_active, old_active ? old_active->user->uid : 0,
+ !!old_active,
+ // delete acl on shared devices only if no other active sessions
+ old_active && user_get_state(old_active->user) != USER_ACTIVE,
+ old_active ? old_active->user->uid : 0,
!!s->active, s->active ? s->active->user->uid : 0);
if (r < 0)
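Review bot: The new `del_shared` argument hinges on `user_get_state(old_active->user) != USER_ACTIVE`, and what counts as active is decided outside this hunk. If `user_get_state()` also reports `USER_ACTIVE` for sessions that are not attached to a seat (remote logins, for example), a user who leaves the local console but stays logged in remotely would keep the ACL on every shared device node. That should be confirmed, or the test narrowed to sessions that are active on a seat. The comment also uses `//` where the rest of the patch uses `/* */`; I would write `/* Drop the ACL on shared devices only when the old user has no active session left on any seat */`. seat_apply_acls continues outside the hunk.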
--
1.7.11.7