| 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
|---|
| 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|---|
| 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
|---|
| 5 | %general-entities;
|
|---|
| 6 | ]>
|
|---|
| 7 |
|
|---|
| 8 | <sect1 id="postlfs-devices" xreflabel="About Devices">
|
|---|
| 9 | <?dbhtml filename="devices.html"?>
|
|---|
| 10 |
|
|---|
| 11 |
|
|---|
| 12 | <title>About Devices</title>
|
|---|
| 13 |
|
|---|
| 14 | <indexterm zone="postlfs-devices">
|
|---|
| 15 | <primary sortas="e-etc-udev-rules">/etc/udev/rules.d</primary>
|
|---|
| 16 | </indexterm>
|
|---|
| 17 |
|
|---|
| 18 | <para>
|
|---|
| 19 | Although most devices needed by packages in BLFS and beyond are set up
|
|---|
| 20 | properly by <application>udev</application> using the default rules
|
|---|
| 21 | installed by LFS in <filename
|
|---|
| 22 | class="directory">/etc/udev/rules.d</filename>, there are cases where
|
|---|
| 23 | the rules must be modified or augmented.
|
|---|
| 24 | </para>
|
|---|
| 25 |
|
|---|
| 26 | <sect2>
|
|---|
| 27 | <title>Multiple Sound Cards</title>
|
|---|
| 28 |
|
|---|
| 29 | <para>
|
|---|
| 30 | If there are multiple sound cards in a system, the "default"
|
|---|
| 31 | sound card becomes random. The method to establish sound card order
|
|---|
| 32 | depends on whether the drivers are modules or not. If the sound card
|
|---|
| 33 | drivers are compiled into the kernel, control is via kernel command line
|
|---|
| 34 | parameters in <filename>/boot/grub/grub.cfg</filename>. For example,
|
|---|
| 35 | if a system has both an FM801 card and a SoundBlaster PCI card, the
|
|---|
| 36 | following can be appended to the command line:
|
|---|
| 37 | </para>
|
|---|
| 38 |
|
|---|
| 39 | <screen><literal>snd-fm801.index=0 snd-ens1371.index=1</literal></screen>
|
|---|
| 40 |
|
|---|
| 41 | <para>
|
|---|
| 42 | If the sound card drivers are built as modules, the order can be
|
|---|
| 43 | established in the <filename>/etc/modprobe.conf</filename> file with:
|
|---|
| 44 | </para>
|
|---|
| 45 |
|
|---|
| 46 | <screen><literal>options snd-fm801 index=0
|
|---|
| 47 | options snd-ens1371 index=1</literal></screen>
|
|---|
| 48 |
|
|---|
| 49 | </sect2>
|
|---|
| 50 |
|
|---|
| 51 | <sect2 id="usb-device-issues">
|
|---|
| 52 | <title>USB Device Issues</title>
|
|---|
| 53 |
|
|---|
| 54 | <para>
|
|---|
| 55 | USB devices usually have two kinds of device nodes associated with them.
|
|---|
| 56 | </para>
|
|---|
| 57 |
|
|---|
| 58 | <para>
|
|---|
| 59 | The first kind is created by device-specific drivers (e.g.,
|
|---|
| 60 | usb_storage/sd_mod or usblp) in the kernel. For example, a USB mass
|
|---|
| 61 | storage device would be /dev/sdb, and a USB printer would be
|
|---|
| 62 | /dev/usb/lp0. These device nodes exist only when the device-specific
|
|---|
| 63 | driver is loaded.
|
|---|
| 64 | </para>
|
|---|
| 65 |
|
|---|
| 66 | <para>
|
|---|
| 67 | The second kind of device nodes (/dev/bus/usb/BBB/DDD, where BBB is
|
|---|
| 68 | the bus number and DDD is the device number) are created even if the
|
|---|
| 69 | device doesn't have a kernel driver. By using these "raw" USB device
|
|---|
| 70 | nodes, an application can exchange arbitrary USB packets with the
|
|---|
| 71 | device, i.e., bypass the possibly-existing kernel driver.
|
|---|
| 72 | </para>
|
|---|
| 73 |
|
|---|
| 74 | <para>
|
|---|
| 75 | Access to raw USB device nodes is needed when a userspace program is
|
|---|
| 76 | acting as a device driver. However, for the program to open the device
|
|---|
| 77 | successfully, the permissions have to be set correctly. By default, due
|
|---|
| 78 | to security concerns, all raw USB devices are owned by user root and
|
|---|
| 79 | group usb, and have 0664 permissions (the read access is needed, e.g.,
|
|---|
| 80 | for lsusb to work and for programs to access USB hubs). Packages (such
|
|---|
| 81 | as SANE and libgphoto2) containing userspace USB device drivers also
|
|---|
| 82 | ship udev rules that change the permissions of the controlled raw USB
|
|---|
| 83 | devices. That is, rules installed by SANE change permissions for known
|
|---|
| 84 | scanners, but not printers. If a package maintainer forgot to write
|
|---|
| 85 | a rule for your device, report a bug to both BLFS (if the package is
|
|---|
| 86 | there) and upstream, and you will need to write your own rule.
|
|---|
| 87 | </para>
|
|---|
| 88 |
|
|---|
| 89 | <para>
|
|---|
| 90 | There is one situation when such fine-grained access control with
|
|---|
| 91 | pre-generated udev rules doesn't work. Namely, PC emulators such as KVM,
|
|---|
| 92 | QEMU and VirtualBox use raw USB device nodes to present arbitrary USB
|
|---|
| 93 | devices to the guest operating system (note: patches are needed in order
|
|---|
| 94 | to get this to work without the obsolete /proc/bus/usb mount point
|
|---|
| 95 | described below). Obviously, maintainers of these packages cannot know
|
|---|
| 96 | which USB devices are going to be connected to the guest operating
|
|---|
| 97 | system. You can either write separate udev rules for all needed USB
|
|---|
| 98 | devices yourself, or use the default catch-all "usb" group, members
|
|---|
| 99 | of which can send arbitrary commands to all USB devices.
|
|---|
| 100 | </para>
|
|---|
| 101 |
|
|---|
| 102 | <para>
|
|---|
| 103 | Before Linux-2.6.15, raw USB device access was performed not with
|
|---|
| 104 | /dev/bus/usb/BBB/DDD device nodes, but with /proc/bus/usb/BBB/DDD
|
|---|
| 105 | pseudofiles. Some applications (e.g., VMware Workstation) still use only
|
|---|
| 106 | this deprecated technique and can't use the new device nodes. For them to
|
|---|
| 107 | work, use the "usb" group, but remember that members will have
|
|---|
| 108 | unrestricted access to all USB devices. To create the fstab entry for
|
|---|
| 109 | the obsolete usbfs filesystem:
|
|---|
| 110 | </para>
|
|---|
| 111 |
|
|---|
| 112 | <screen><literal>usbfs /proc/bus/usb usbfs devgid=14,devmode=0660 0 0</literal></screen>
|
|---|
| 113 |
|
|---|
| 114 | <note>
|
|---|
| 115 | <para>
|
|---|
| 116 | Adding users to the "usb" group is inherently insecure, as they can
|
|---|
| 117 | bypass access restrictions imposed through the driver-specific USB
|
|---|
| 118 | device nodes. For instance, they can read sensitive data from USB
|
|---|
| 119 | hard drives without being in the "disk" group. Avoid adding users
|
|---|
| 120 | to this group, if you can.
|
|---|
| 121 | </para>
|
|---|
| 122 | </note>
|
|---|
| 123 |
|
|---|
| 124 | </sect2>
|
|---|
| 125 |
|
|---|
| 126 | <sect2>
|
|---|
| 127 | <title>Udev Device Attributes</title>
|
|---|
| 128 |
|
|---|
| 129 | <para>
|
|---|
| 130 | Fine-tuning of device attributes such as group name and permissions
|
|---|
| 131 | is possible by creating extra <application>udev</application> rules,
|
|---|
| 132 | matching on something like this. The vendor and product can be found by
|
|---|
| 133 | searching the <filename class='directory'>/sys/devices</filename>
|
|---|
| 134 | directory entries or using <command>udevadm info</command> after the
|
|---|
| 135 | device has been attached. See the documentation in the current
|
|---|
| 136 | <application>udev</application> directory of <filename
|
|---|
| 137 | class='directory'>/usr/share/doc</filename> for details.
|
|---|
| 138 | </para>
|
|---|
| 139 |
|
|---|
| 140 | <screen><literal>SUBSYSTEM=="usb_device", SYSFS{idVendor}=="05d8", SYSFS{idProduct}=="4002", \
|
|---|
| 141 | GROUP:="scanner", MODE:="0660"</literal></screen>
|
|---|
| 142 |
|
|---|
| 143 | <note>
|
|---|
| 144 | <para>
|
|---|
| 145 | The above line is used for descriptive purposes only. The
|
|---|
| 146 | scanner <application>udev</application> rules are put into place when
|
|---|
| 147 | installing <xref linkend='sane'/>.
|
|---|
| 148 | </para>
|
|---|
| 149 | </note>
|
|---|
| 150 |
|
|---|
| 151 | </sect2>
|
|---|
| 152 |
|
|---|
| 153 | <!--
|
|---|
| 154 | <sect2>
|
|---|
| 155 | <title>Multiple Network Interfaces</title>
|
|---|
| 156 |
|
|---|
| 157 |
|
|---|
| 158 | </sect2>
|
|---|
| 159 | -->
|
|---|
| 160 |
|
|---|
| 161 | <!-- These instructions are invalid on systemd because we don't use bootscripts.
|
|---|
| 162 | In addition, we should probably verify that these are valid on SysV too.-->
|
|---|
| 163 |
|
|---|
| 164 | <sect2 revision="sysv">
|
|---|
| 165 | <title>Devices for Servers</title>
|
|---|
| 166 |
|
|---|
| 167 | <para>
|
|---|
| 168 | In some cases, it makes sense to disable
|
|---|
| 169 | <application>udev</application> completely and create static devices.
|
|---|
| 170 | Servers are one example of this situation. Does a server need the
|
|---|
| 171 | capability of handling dynamic devices? Only the system administrator
|
|---|
| 172 | can answer that question, but in many cases the answer will be no.
|
|---|
| 173 | </para>
|
|---|
| 174 |
|
|---|
| 175 | <para>
|
|---|
| 176 | If dynamic devices are not desired, then static devices must be
|
|---|
| 177 | created on the system. In the default configuration, the
|
|---|
| 178 | <filename>/etc/rc.d/rcS.d/S10udev</filename> boot script mounts a
|
|---|
| 179 | <systemitem class="filesystem">tmpfs</systemitem> partition over the
|
|---|
| 180 | <filename class="directory">/dev</filename> directory. This problem can
|
|---|
| 181 | be overcome by mounting the root partition temporarily:
|
|---|
| 182 | </para>
|
|---|
| 183 |
|
|---|
| 184 | <warning>
|
|---|
| 185 | <para>
|
|---|
| 186 | If the instructions below are not followed carefully, your
|
|---|
| 187 | system could become unbootable.
|
|---|
| 188 | </para>
|
|---|
| 189 | </warning>
|
|---|
| 190 |
|
|---|
| 191 |
|
|---|
| 192 | <screen><userinput>mount --bind / /mnt
|
|---|
| 193 | cp -a /dev/* /mnt/dev
|
|---|
| 194 | rm /etc/rc.d/rcS.d/{S10udev,S50udev_retry}
|
|---|
| 195 | umount /mnt</userinput></screen>
|
|---|
| 196 |
|
|---|
| 197 | <para>
|
|---|
| 198 | At this point, the system will use static devices upon the next
|
|---|
| 199 | reboot. Create any desired additional devices using
|
|---|
| 200 | <command>mknod</command>.
|
|---|
| 201 | </para>
|
|---|
| 202 |
|
|---|
| 203 | <para>
|
|---|
| 204 | If you want to restore the dynamic devices, recreate the
|
|---|
| 205 | <filename>/etc/rc.d/rcS.d/{S10udev,S50udev_retry}</filename> symbolic
|
|---|
| 206 | links and reboot again. Static devices do not need to be removed
|
|---|
| 207 | (console and null are always needed) because they are covered by the
|
|---|
| 208 | <systemitem class="filesystem">tmpfs</systemitem> partition. Disk
|
|---|
| 209 | usage for devices is negligible (about 20–30 bytes per entry.)
|
|---|
| 210 | </para>
|
|---|
| 211 |
|
|---|
| 212 | </sect2>
|
|---|
| 213 |
|
|---|
| 214 | <sect2 id="dev-dvd">
|
|---|
| 215 | <title>Devices for DVD Drives</title>
|
|---|
| 216 |
|
|---|
| 217 | <para>
|
|---|
| 218 | If the initial boot process does not set up the
|
|---|
| 219 | <systemitem>/dev/dvd</systemitem> device properly, it can
|
|---|
| 220 | be installed using the following modification to the default udev rules.
|
|---|
| 221 | As the <systemitem class="username">root</systemitem> user, run:
|
|---|
| 222 | </para>
|
|---|
| 223 |
|
|---|
| 224 | <screen><userinput>sed '1d;/SYMLINK.*cdrom/ a\
|
|---|
| 225 | KERNEL=="sr0", ENV{ID_CDROM_DVD}=="1", SYMLINK+="dvd", OPTIONS+="link_priority=-100"' \
|
|---|
| 226 | /lib/udev/rules.d/60-cdrom_id.rules > /etc/udev/rules.d/60-cdrom_id.rules</userinput></screen>
|
|---|
| 227 |
|
|---|
| 228 | </sect2>
|
|---|
| 229 |
|
|---|
| 230 | </sect1>
|
|---|
