Changeset d20c871 for postlfs/config


Ignore:
Timestamp:
03/06/2010 10:33:48 PM (14 years ago)
Author:
Bruce Dubbs <bdubbs@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
bf157fc2
Parents:
a5a9ff8
Message:

Added additional information about <para>[bdubbs] - Added additional information about

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8297 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:
1 edited

Legend:

Unmodified
Added
Removed

  • postlfs/config/devices.xml

    ra5a9ff8 rd20c871  
    5151  </sect2>
    5252
     53  <sect2 id="usb-device-issues">
     54    <title>USB Device Issues</title>
     55
     56    <para>USB devices usually have two kinds of device nodes associated with
     57    them.</para>
     58
     59    <para>The first kind is created by device-specific drivers (e.g.,
     60    usb_storage/sd_mod or usblp) in the kernel. For example, a USB mass storage
     61    device would be /dev/sdb, and a USB printer would be /dev/usb/lp0. These
     62    device nodes exist only when the device-specific driver is loaded.</para>
     63
     64    <para>The second kind of device nodes (/dev/bus/usb/BBB/DDD, where BBB is
     65    the bus number and DDD is the device number) is created even if the device
     66    doesn't have a kernel driver. By using these "raw" USB device nodes, an
     67    application can exchange arbitrary USB packets with the device, i.e.,
     68    bypass the possibly-existing kernel driver.</para>
     69
     70    <para>Access to raw USB device nodes is needed when a userspace program is
     71    acting as a device driver. However, for the program to open the device
     72    successfully, the permissions have to be set correctly. By default, due to
     73    security concerns, all raw USB devices are owned by user root and group
     74    usb, and have 0664 permissions (the read access is needed, e.g., for lsusb
     75    to work and for programs to access USB hubs). Packages (such as SANE and
     76    libgphoto2) containing userspace USB device drivers also ship udev rules
     77    that change the permissions of the controlled raw USB devices. That is, rules
     78    installed by SANE change permissions for known scanners, but not printers. 
     79    If a package maintainer forgot to write a rule for your device,
     80    report a bug to both BLFS (if the package is there) and upstream, and
     81    ypu will need ot write your own rule.</para>
     82
     83    <para>There is one situation when such fine-grained access control with
     84    pre-generated udev rules doesn't work. Namely, PC emulators such as KVM,
     85    QEMU and VirtualBox use raw USB device nodes to present arbitrary USB
     86    devices to the guest operating system (note: patches are needed in order to
     87    get this to work without the obsolete /proc/bus/usb mount point described
     88    below). Obviously, maintainers of these packages cannot know which USB
     89    devices are going to be connected to the guest operating system. You can
     90    either write separate udev rules for all needed USB devices yourself, or
     91    use the default catch-all "usb" group, members of which can send
     92    arbitrary commands to all USB devices. </para>
     93   
     94    <para>Before Linux-2.6.15, raw USB device access was performed not with
     95    /dev/bus/usb/BBB/DDD device nodes, but with /proc/bus/usb/BBB/DDD
     96    pseudofiles. Some applications (e.g., VMware Workstation) still use only
     97    this deprecated technique and can't use the new device nodes. For them to
     98    work, use the "usb" group, but remember that members will have unrestricted
     99    access to all USB devices.  To create the fstab entry for the obsolete
     100    usbfs filesystem:</para>
     101
     102<screen><literal>usbfs  /proc/bus/usb  usbfs  devgid=14,devmode=0660  0  0</literal></screen>
     103
     104    <note><para>Adding users to the "usb" group is inherently insecure, as they
     105    can bypass access restrictions imposed through the driver-specific USB
     106    device nodes. For instance, they can read sensitive data from USB hard drives
     107    without being in the "disk" group. Avoid adding users to this group, if
     108    you can.</para></note>
     109
     110  </sect2>
     111
    53112  <sect2>
    54113    <title>Udev Device Attributes</title>
     
    69128    scanner <application>udev</application> rules are put into place when
    70129    installing <xref linkend='sane'/>.</para></note>
    71 
    72   </sect2>
    73 
    74   <sect2>
    75     <title>USB Device Issues</title>
    76 
    77     <para>Some older applications, such as <application>VMware</application>,
    78     need the following deprecated entry in the <filename>/etc/fstab</filename>
    79     file. This is not normally needed.</para>
    80 
    81 <screen><literal>usbfs  /proc/bus/usb  usbfs  devgid=14,devmode=0660  0  0</literal></screen>
    82130
    83131  </sect2>
Note: See TracChangeset for help on using the changeset viewer.