[meta-freescale] [meta-fsl-arm][PATCH 1/2] udev-extraconf: restrict access to graphic buffers
Alexander Shashkevich
alex at stunpix.com
Tue Dec 2 10:13:01 PST 2014
For security reasons fb and galcore devices must be only accessible by root user and/or video group.
All other users must not have access to graphic buffers.
Signed-off-by: Alexander Shashkevich <alex at stunpix.com>
---
recipes-core/udev/udev-extraconf/10-imx.rules | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/recipes-core/udev/udev-extraconf/10-imx.rules b/recipes-core/udev/udev-extraconf/10-imx.rules
index 202bf04..6afc1e8 100644
--- a/recipes-core/udev/udev-extraconf/10-imx.rules
+++ b/recipes-core/udev/udev-extraconf/10-imx.rules
@@ -16,10 +16,8 @@ KERNEL=="mc13783_connectiv*", NAME="mc13783_connectivity"
KERNEL=="mxc_iim", MODE="0444", SYMLINK+="mxc_mem"
KERNEL=="mxs_viim", MODE="0444", SYMLINK+="mxc_mem"
KERNEL=="mxc_ipu", MODE="0666"
-KERNEL=="fb0", MODE="0666"
-KERNEL=="fb1", MODE="0666"
-KERNEL=="fb2", MODE="0666"
KERNEL=="mxc_vpu", MODE="0666"
-SUBSYSTEM=="video", MODE="0666"
-KERNEL=="gsl_kmod", MODE="0666"
-KERNEL=="galcore", MODE="0666"
+SUBSYSTEM=="video", MODE="0660"
+KERNEL=="fb[0-9]", MODE="0660", GROUP="video"
+KERNEL=="gsl_kmod", MODE="0660", GROUP="video"
+KERNEL=="galcore", MODE="0660", GROUP="video"
--
1.9.1
More information about the meta-freescale
mailing list