Overriding permissions from udev sample rules

Bryan Kadzban bryan at kadzban.is-a-geek.net
Sat Oct 13 17:00:40 PDT 2007


I've gotten a bit of time this weekend to look at what it would take to
upgrade udev in the development book.  I've looked through 25-lfs.rules
and tried to remove as many rules as possible (all the rules that were
duplicated in udev's new 50-udev-default.rules file in current udev git;
there were several bugfixes put in there since -115 was released).

There's one problematic area here, though: permissions.  The default
udev file assigns different permissions than we do in several areas, and
uses a different group than we do in others.  This wouldn't be a huge
problem, because we should just be able to move 25-lfs.rules to run
after 50-udev-default.rules, and override the permissions that get set
there.

The problem with this is that some of the rules have the "last_rule"
option applied to them, so they *can't* be overridden.  (This applies to
most of the TTY-style devices.)  Personally, I think this is a bug in
udev; it should not be installing rules that there's no way to override,
if those rules assign permissions; permissions should be assigned by the
distro or admin.  (The last_rule options are there because this file was
copied from SuSE, and it had them.  I don't know why they were in SuSE's
rules, though.)

I can see a few different options.  First, we could simply remove the
last_rule options, e.g. with the following sed:

sed -i 's/, OPTIONS="last_rule"//' 50-udev-default.rules

since nothing that has this option set should have it.

Second, we could set the MODE and/or GROUP ourselves before 50-, and use
the := assignment operator, so the last_rule rules can't override them.

Third, we could try to get udev to remove this option, or at least
explain why it's there (actually I think I'll try to do the latter anyway).

The advantage of option 1 over option 2 is that we can keep all our
customizations in a single file; option 2 would require the TTY mode and
group changes to be split out into a file that runs before 50-, and
everything else into a file that runs after 50-.  (And nothing prevents
other rules in 50- from interfering with other custom permissions in the
future, either.)

The disadvantage of option 1 is that every time the user upgrades udev,
they have to re-run the sed.  According to the comments in the rules
files, those files get replaced every time udev gets reinstalled or
upgraded.  (Of course, the udev-115 Makefile disagrees: it only installs
the files if the target files are not readable or not there.  But I'd
rather not rely on that if the files themselves say they can be
overwritten.)

Option 3 will be slow -- but then again, this will probably take a while
to fix anyway, and I'd already like to wait for -116.  So maybe we
should just do that.

Opinions?

(There's at least one other issue preventing upgrade: the persistent
network script's "all_interfaces" code has been removed, so even with
this figured out, we can't upgrade right away.  But we do need it to be
figured out.)

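Added example, not part of the original post and not LFS or udev project code: a shell check that lists rules which both assign MODE, GROUP or OWNER and set last_rule, so it can be re-run after a udev reinstall or upgrade to see whether the sed from option 1 has to be applied again. The sample rules (including the `OPTIONS+=` spelling) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample rules are constructed,
# not copied from udev's 50-udev-default.rules.

# Print "LINENO:rule" for each non-comment rule that assigns MODE, GROUP or
# OWNER and also sets last_rule, i.e. a permission assignment that a rules
# file sorted later cannot override. "==" match keys are not counted.
locked_perm_rules() {
    grep -n -E 'OPTIONS\+?="[^"]*last_rule' "$1" |
        grep -v -E '^[0-9]+:[[:space:]]*#' |
        grep -E '(MODE|GROUP|OWNER):?="' || true
}

# Number of such rules in the file (prints 0 when there are none).
count_locked() {
    locked_perm_rules "$1" | grep -c . || true
}

# Write a small constructed rules file to the given path.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample rules
KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620", OPTIONS="last_rule"
KERNEL=="ptmx", GROUP="tty", MODE="0666", OPTIONS+="last_rule"
KERNEL=="null", MODE="0666"
SUBSYSTEM=="block", GROUP="disk"
# KERNEL=="console", MODE="0600", OPTIONS="last_rule"
EOF
}

tmp=$(mktemp)
make_sample "$tmp"
echo "before sed: $(count_locked "$tmp") locked permission rule(s)"

# The sed from option 1 in the post, applied to the sample copy.
sed -i 's/, OPTIONS="last_rule"//' "$tmp"

# The sed matches only the exact text ', OPTIONS="last_rule"', so any other
# spelling of the option survives and is still reported here.
echo "after sed:  $(count_locked "$tmp") locked permission rule(s)"
locked_perm_rules "$tmp"
rm -f "$tmp"
```

Pointing `locked_perm_rules` at the installed rules file after each udev upgrade shows whether any permission-assigning rule is locked again.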

