stripped-down permissions.rules needed for udev-udeb
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
udev (Ubuntu) |
Fix Released
|
Medium
|
Scott James Remnant (Canonical) |
Bug Description
Binary package hint: udev
(I discussed this with Scott a few days ago on IRC.)
udev-udeb doesn't contain 40-permissions.
<cjwatson> oh, amusing udev/d-i bug
<cjwatson> mathiaz was talking yesterday about postgresql-8.3 failing to install in d-i due to a busted /dev/null
<cjwatson> and it turns out that this is because 40-permissions.
<cjwatson> which in turn is because most of those groups don't exist, so it wouldn't work properly
<cjwatson> but as well as setting groups, it also sets things like mode 0666 on certain nodes
<cjwatson> perhaps we could split out a permissions-
<cjwatson> and then put that in udev-udeb
<Keybuk> hmm
<Keybuk> why is postgres switching to another user in d-i?
<Keybuk> surely that's not going to work either?
<cjwatson> d-i bind-mounts /dev into /target
<Keybuk> it didn't used to?
<cjwatson> postgres is switching to another user in the /target chroot, where switching to another user works fine
<cjwatson> yes, this changed in hardy; getting all the device nodes in order without a bind-mount was becoming too painful
<Keybuk> ah right
<Keybuk> hmm
<Keybuk> yeah, basic permissions seems to be the general right thing there
<Keybuk> which groups do we not have in d-i?
<Keybuk> udev tries to stick to the base-passwd ones
<cjwatson> you don't have any groups in d-i
<cjwatson> /etc/group just has root
<Keybuk> :-/
<Keybuk> trying to work out what *is* a basic permission
<cjwatson> modes only, I'd say
<Keybuk> most modes are meaningless without groups
<cjwatson> the ones that are 0666 clearly aren't
<Keybuk> :-)
<Keybuk> pty* are wird
<Keybuk> tty *and* 666
<cjwatson> TBH I think we'd be fine with null, zero, full, random, urandom, inotify
<Keybuk> yeah
<Keybuk> just the basics
<cjwatson> and maybe the ptys if you can split those lines up
<Keybuk> I wonder whether those ptys are supposed to be 660 or 666
<cjwatson> it only really matters for anything that will be used by package installation in d-i
<Keybuk> KERNEL=="pty*", MODE="0666", GROUP="tty"
<Keybuk> *shrug*
<Keybuk> matches debian
<Keybuk> that seems wrong to me though
<Keybuk> doesn't that mean anybody can write to any tty?
Changed in udev: | |
milestone: | none → ubuntu-8.04 |
Changed in udev: | |
importance: | Undecided → Medium |
Changed in udev: | |
assignee: | nobody → keybuk |
Added a 40-basic- permissions. rules that contains mode settings for usb devices, console, ptmx, tty, null, zero, full, random, urandom and inotify
This goes into the udeb and into the initramfs