ACLs to devices need to be supported in core
Bug #1646144 reported by
Alfonso Sanchez-Beato
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical System Image |
Confirmed
|
High
|
Pat McGowan | ||
Snappy |
Fix Released
|
Medium
|
Oliver Grawert | ||
ubuntu-core-meta (Ubuntu) |
Fix Committed
|
Medium
|
Oliver Grawert |
Bug Description
It should be possible to add a user to an ACL to be able to access some devices in the same way as on desktop. For instance, on desktop regular users are in an ACL that allows them to access /dev/snd/* so no root permissions are needed to play a song. But, on Ubuntu Core, we have to run commands like:
$ sudo alsa-utils.aplay /root/enter.wav
to play something (aplay is confined and connected to "alsa" and "home" interfaces). We cannot access /dev/snd and a file in $HOME at the same time, even while sudoing. ACLs can relieve these problems, but the core image currently does not support them.
Changed in canonical-devices-system-image: | |
assignee: | nobody → Pat McGowan (pat-mcgowan) |
importance: | Undecided → High |
milestone: | none → p2 |
status: | New → Confirmed |
Changed in snappy: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
we first need to seed the acl package in core ... given that systemd, uaccess scripts and logind are already present in core this might already be sufficient to have ACL based device access work.