Changeset e77b014 for postlfs/config/devices.xml
- Timestamp:
- 08/25/2023 12:36:13 PM (13 months ago)
- Branches:
- 12.0, 12.1, 12.2, gimp3, ken/TL2024, ken/tuningfonts, lazarus, plabs/newcss, python3.11, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/for-12.3, xry111/llvm18, xry111/spidermonkey128
- Children:
- eb0031c
- Parents:
- 78d568a
- git-author:
- Xi Ruoyao <xry111@…> (08/25/2023 12:29:00 PM)
- git-committer:
- Xi Ruoyao <xry111@…> (08/25/2023 12:36:13 PM)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/config/devices.xml
r78d568a re77b014 77 77 successfully, the permissions have to be set correctly. By default, due 78 78 to security concerns, all raw USB devices are owned by user root and 79 group usb, and have 0664 permissions (the read access is needed, e.g.,79 group root, and have 0664 permissions (the read access is needed, e.g., 80 80 for lsusb to work and for programs to access USB hubs). Packages (such 81 81 as SANE and libgphoto2) containing userspace USB device drivers also … … 88 88 89 89 <para> 90 There is one situation when such fine-grained access control with91 pre-generated udev rules doesn't work. Namely, PC emulators such as KVM,92 QEMU and VirtualBox use raw USB device nodes to present arbitrary USB93 devices to the guest operating system (note: patches are needed in order94 to get this to work without the obsolete /proc/bus/usb mount point95 described below). Obviously, maintainers of these packages cannot know96 which USB devices are going to be connected to the guest operating97 system. You can either write separate udev rules for all needed USB98 devices yourself, or use the default catch-all "usb" group, members99 of which can send arbitrary commands to all USB devices.100 </para>101 102 <para>103 90 Before Linux-2.6.15, raw USB device access was performed not with 104 91 /dev/bus/usb/BBB/DDD device nodes, but with /proc/bus/usb/BBB/DDD 105 pseudofiles. Some applications (e.g., VMware Workstation) still use only 106 this deprecated technique and can't use the new device nodes. For them to 107 work, use the "usb" group, but remember that members will have 108 unrestricted access to all USB devices. To create the fstab entry for 109 the obsolete usbfs filesystem: 110 </para> 111 112 <screen><literal>usbfs /proc/bus/usb usbfs devgid=14,devmode=0660 0 0</literal></screen> 113 114 <note> 115 <para> 116 Adding users to the "usb" group is inherently insecure, as they can 117 bypass access restrictions imposed through the driver-specific USB 118 device nodes. For instance, they can read sensitive data from USB 119 hard drives without being in the "disk" group. Avoid adding users 120 to this group, if you can. 121 </para> 122 </note> 92 pseudofiles. Some applications still use only 93 this deprecated technique and can't use the new device nodes. They 94 cannot work with Linux kernel version 3.5 or newer. If you need to 95 run such an application, contact the developer of it for a fix. 96 </para> 123 97 124 98 </sect2>
Note:
See TracChangeset
for help on using the changeset viewer.