[meta-freescale] [meta-fsl-arm][PATCH v2] udev-extraconf: allow all users to use gpu
Andreas Müller
schnitzeltony at googlemail.com
Mon Dec 1 01:13:55 PST 2014
On Fri, Nov 28, 2014 at 7:07 PM, Alexander Shashkevych <alex at stunpix.com> wrote:
>>> If group "video" with 0660 permissions is more correct for graphic
>>> devices, then we must to update all of them: /dev/fb*, /dev/mxc_*,
>>> /dev/dri/card*, because at the moment they all have 0666 permissions,
>>> but groups are different.
>>
>> I think those belong to video group; this allow for a more safe
>> application as it cannot exploit the user interface and mess up with
>> fb area.
>
> At the moment devices have a following permissions set by udev rule:
>
> $ ls -l /dev/{fb,mcx,gal,dri/}*
> crw-rw-rw- 1 root video Jan 1 00:00 /dev/dri/card0
> lrwxrwxrwx 1 root root Jan 1 00:00 /dev/fb -> fb0
> crw-rw-rw- 1 root video Jan 1 00:00 /dev/fb0
> crw-rw-rw- 1 root video Jan 1 00:00 /dev/fb1
> crw-rw-rw- 1 root root Jan 1 00:00 /dev/galcore
> crw------- 1 root root Jan 1 00:00 /dev/mxc_asrc
> crw------- 1 root root Jan 1 00:00 /dev/mxc_hdmi
> crw-rw-rw- 1 root root Jan 1 00:00 /dev/mxc_ipu
> crw-rw-rw- 1 root root Jan 1 00:00 /dev/mxc_vpu
>
> Part of devices belong to "video" and part to "root" groups, but most
> of them have permissions granted to all users. This definitely
> violates security. If nobody has objections, then we could ask Andreas
> to send a new patch with correct permissions and groups.
>
> PS: If Andreas no longer interested with this patch, then I can take it up.
>
> --
Time and motivation are limited. Additional note / repeating what I
sent earlier: Keeping this as append to udev-extaconf is not the best
idea.
Andreas
More information about the meta-freescale
mailing list