summaryrefslogtreecommitdiff
path: root/extras/udev-acl/70-udev-acl.rules
diff options
context:
space:
mode:
authorKay Sievers <kay.sievers@vrfy.org>2011-07-14 02:02:35 +0200
committerKay Sievers <kay.sievers@vrfy.org>2011-07-14 02:02:35 +0200
commitc874e22e0da6f87aa72ade635f11421e6ecb6e48 (patch)
treeecf2b34607249f54a7732d681cc40f36c60c2784 /extras/udev-acl/70-udev-acl.rules
parent1985c76e48753c200b5a15630b00245c3f60775b (diff)
udev-acl: skip ACLs when systemd is running, disable by default
Diffstat (limited to 'extras/udev-acl/70-udev-acl.rules')
-rw-r--r--extras/udev-acl/70-udev-acl.rules76
1 files changed, 76 insertions, 0 deletions
diff --git a/extras/udev-acl/70-udev-acl.rules b/extras/udev-acl/70-udev-acl.rules
new file mode 100644
index 0000000000..2dac283101
--- /dev/null
+++ b/extras/udev-acl/70-udev-acl.rules
@@ -0,0 +1,76 @@
+# do not edit this file, it will be overwritten on update
+
+# Do not use TAG+="udev-acl" outside of this file. This variable is private to
+# udev-acl of this udev release and may be replaced at any time.
+
+ENV{MAJOR}=="", GOTO="acl_end"
+ACTION=="remove", GOTO="acl_apply"
+
+# systemd replaces udev-acl entirely, skip if active
+TEST=="/sys/fs/cgroup/systemd", TAG=="uaccess", GOTO="acl_end"
+
+# PTP/MTP protocol devices, cameras, portable media players
+SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="udev-acl"
+
+# digicams with proprietary protocol
+ENV{ID_GPHOTO2}=="*?", TAG+="udev-acl"
+
+# SCSI and USB scanners
+ENV{libsane_matched}=="yes", TAG+="udev-acl"
+
+# HPLIP devices (necessary for ink level check and HP tool maintenance)
+ENV{ID_HPLIP}=="1", TAG+="udev-acl"
+
+# optical drives
+SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="udev-acl"
+SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="udev-acl"
+
+# sound devices
+SUBSYSTEM=="sound", TAG+="udev-acl"
+
+# ffado is an userspace driver for firewire sound cards
+SUBSYSTEM=="firewire", ENV{ID_FFADO}=="1", TAG+="udev-acl"
+
+# webcams, frame grabber, TV cards
+SUBSYSTEM=="video4linux", TAG+="udev-acl"
+SUBSYSTEM=="dvb", TAG+="udev-acl"
+
+# IIDC devices: industrial cameras and some webcams
+SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x00010*", TAG+="udev-acl"
+SUBSYSTEM=="firewire", ATTR{units}=="*0x00b09d:0x00010*", TAG+="udev-acl"
+# AV/C devices: camcorders, set-top boxes, TV sets, audio devices, and more
+SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="udev-acl"
+SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="udev-acl"
+
+# DRI video devices
+SUBSYSTEM=="drm", KERNEL=="card*", TAG+="udev-acl"
+
+# KVM
+SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="udev-acl"
+
+# smart-card readers
+ENV{ID_SMARTCARD_READER}=="*?", TAG+="udev-acl"
+
+# PDA devices
+ENV{ID_PDA}=="*?", TAG+="udev-acl"
+
+# Programmable remote control
+ENV{ID_REMOTE_CONTROL}=="1", TAG+="udev-acl"
+
+# joysticks
+SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="udev-acl"
+
+# color measurement devices
+ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="udev-acl"
+
+# DDC/CI device, usually high-end monitors such as the DreamColor
+ENV{DDC_DEVICE}=="*?", TAG+="udev-acl"
+
+# media player raw devices (for user-mode drivers, Android SDK, etc.)
+SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="udev-acl"
+
+# apply ACL for all locally logged in users
+LABEL="acl_apply", TAG=="udev-acl", TEST=="/var/run/ConsoleKit/database", \
+ RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"
+
+LABEL="acl_end"