[PATCH 1/5] pkgs: mdevd: backport bugfix
Without this, we can't tell mdevd to leave permissions of device nodes created by devtmpfs alone. Signed-off-by: Alyssa Ross <hi@alyssa.is> --- pkgs/overlay.nix | 2 ++ pkgs/skaware-packages/default.nix | 15 +++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 pkgs/skaware-packages/default.nix diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 2987e7c..b3dfcc1 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -5,4 +5,6 @@ cloud-hypervisor = import ./cloud-hypervisor { inherit final super; }; dbus = import ./dbus { inherit final super; }; + + skawarePackages = import ./skaware-packages { inherit final super; }; }) diff --git a/pkgs/skaware-packages/default.nix b/pkgs/skaware-packages/default.nix new file mode 100644 index 0000000..f0d924b --- /dev/null +++ b/pkgs/skaware-packages/default.nix @@ -0,0 +1,15 @@ +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is> +# SPDX-License-Identifier: MIT + +import ../../lib/overlay-package.nix [ "skawarePackages" ] ({ final, super }: + +super.skawarePackages.overrideScope (_: prev: { + mdevd = prev.mdevd.overrideAttrs ({ patches ? [], ... }: { + patches = patches ++ [ + (final.fetchpatch { + url = "https://git.skarnet.org/cgi-bin/cgit.cgi/mdevd/patch/?id=252f241e425bf09ddfb..."; + hash = "sha256-0tEC+yJGyPapsxBqzBXPztF3bl7OwjVAGjhNXtwZQ0g="; + }) + ]; + }); +})) -- 2.51.0
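Review bot: The `fetchpatch` entry in pkgs/skaware-packages/default.nix has no comment saying which upstream mdevd change it pulls in or when the override can be dropped. The fixed-output `hash` pins the fetched content, so integrity is covered, but a reader has only an opaque commit id in the URL to go on. I would add a line above `(final.fetchpatch {` such as `# Backport: lets "!" leave owner/mode of devtmpfs-created nodes alone; drop once mdevd in nixpkgs includes it.` That wording is inferred from this patch's description, so align it with the upstream commit subject.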
I think it's confusing to use a real mode, only to have the ! cause it to be ignored. Signed-off-by: Alyssa Ross <hi@alyssa.is> --- img/app/image/etc/mdev.conf | 4 ++-- vm/sys/net/image/etc/mdev.conf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf index 0e4a1a0..30e17e6 100644 --- a/img/app/image/etc/mdev.conf +++ b/img/app/image/etc/mdev.conf @@ -2,7 +2,7 @@ # SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is> -$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS -$INTERFACE=.* 0:0 660 ! +/etc/mdev/iface -$MODALIAS=virtio:d0000001Av.* 0:0 660 ! +/etc/mdev/virtiofs +$INTERFACE=.* 0:0 0 ! +/etc/mdev/iface +$MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs dri/card0 0:0 660 +background { /etc/mdev/listen card0 } snd/controlC0 0:0 660 +background { /etc/mdev/listen controlC0 } diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf index 69011ec..15f2d01 100644 --- a/vm/sys/net/image/etc/mdev.conf +++ b/vm/sys/net/image/etc/mdev.conf @@ -2,4 +2,4 @@ # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> -$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS -$INTERFACE=.* 0:0 660 ! +/etc/mdev/iface +$INTERFACE=.* 0:0 0 ! +/etc/mdev/iface -- 2.51.0
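Review bot: With the mode field now `0`, the `$INTERFACE=.*` and `$MODALIAS=virtio:d0000001Av.*` rules rely entirely on `!` to keep mdevd from applying that value. Going by the description of patch 1/5, that only holds with the backported mdevd fix. The same applies to the hunk in vm/sys/net/image/etc/mdev.conf. A short comment above these rules would make the dependency visible, e.g. `# "0:0 0 !": owner/mode are placeholders; "!" tells mdevd to leave the node alone (needs the mdevd backport in pkgs/skaware-packages).` Presumably none of these events has a device node today, so this guards against a later edit or an mdevd without the fix silently producing mode-000 nodes.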
This patch has been committed as c6e60a5456fa44d45b3067e7f660daba4347a103, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=c6e60a5456fa44d45b3067e7f660.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>
These rules shouldn't be making any changes to device nodes. (Although this is mostly hypothetical since I didn't find any devices with MODALIAS uevent keys and device nodes.) Fixes: 88f2695 ("Initial commit") Fixes: aeb5104 ("Initial commit") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- img/app/image/etc/mdev.conf | 2 +- vm/sys/net/image/etc/mdev.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf index 30e17e6..7382067 100644 --- a/img/app/image/etc/mdev.conf +++ b/img/app/image/etc/mdev.conf @@ -1,7 +1,7 @@ # SPDX-License-Identifier: EUPL-1.2+ # SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is> --$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS +-$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs dri/card0 0:0 660 +background { /etc/mdev/listen card0 } diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf index 15f2d01..412f7f5 100644 --- a/vm/sys/net/image/etc/mdev.conf +++ b/vm/sys/net/image/etc/mdev.conf @@ -1,5 +1,5 @@ # SPDX-License-Identifier: EUPL-1.2+ # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> --$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS +-$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface -- 2.51.0
This patch has been committed as 28bcd407ca0fdd06948548cd161c73b8d6e12006, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=28bcd407ca0fdd06948548cd161c.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>
Otherwise, it falls back to the default rule, which sets mode 0660. Not ideal for e.g. /dev/null! Fixes: 88f2695 ("Initial commit") Fixes: aeb5104 ("Initial commit") Signed-off-by: Alyssa Ross <hi@alyssa.is> --- img/app/image/etc/mdev.conf | 5 ++++- vm/sys/net/image/etc/mdev.conf | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf index 7382067..df215b9 100644 --- a/img/app/image/etc/mdev.conf +++ b/img/app/image/etc/mdev.conf @@ -1,8 +1,11 @@ # SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is> +# SPDX-FileCopyrightText: 2021-2023, 2025 Alyssa Ross <hi@alyssa.is> -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs dri/card0 0:0 660 +background { /etc/mdev/listen card0 } snd/controlC0 0:0 660 +background { /etc/mdev/listen controlC0 } + +# Don't change mode of other device nodes created by devtmpfs. +.* 0:0 0 ! diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf index 412f7f5..2a7e5fe 100644 --- a/vm/sys/net/image/etc/mdev.conf +++ b/vm/sys/net/image/etc/mdev.conf @@ -1,5 +1,8 @@ # SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> +# SPDX-FileCopyrightText: 2021, 2025 Alyssa Ross <hi@alyssa.is> -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface + +# Don't change mode of other device nodes created by devtmpfs. +.* 0:0 0 ! -- 2.51.0
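Review bot: The new catch-all `.* 0:0 0 !` only does its job while it stays the last rule in each file, and the added comment does not say so. Assuming mdevd stops at the first matching rule unless the line starts with `-`, any rule appended below it would never be reached. A node that needs a specific mode would then silently keep whatever devtmpfs gave it. I would extend the comment to `# Keep this rule last: don't change mode of other device nodes created by devtmpfs; rules that set a mode go above it.` The same applies to the second hunk, in vm/sys/net/image/etc/mdev.conf.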
This patch has been committed as 89523622a035bcaa721da94b89d091a1da83802f, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=89523622a035bcaa721da94b89d0.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>
Signed-off-by: Alyssa Ross <hi@alyssa.is> --- vm/sys/net/file-list.mk | 2 +- vm/sys/net/image/etc/dbus-1/system.conf | 8 -------- vm/sys/net/image/etc/group | 1 + vm/sys/net/image/etc/group.license | 2 ++ vm/sys/net/image/etc/passwd | 1 + vm/sys/net/image/etc/s6-rc/dbus/run | 6 ++++-- 6 files changed, 9 insertions(+), 11 deletions(-) delete mode 100644 vm/sys/net/image/etc/dbus-1/system.conf create mode 100644 vm/sys/net/image/etc/group create mode 100644 vm/sys/net/image/etc/group.license diff --git a/vm/sys/net/file-list.mk b/vm/sys/net/file-list.mk index a6f1a41..15ccd24 100644 --- a/vm/sys/net/file-list.mk +++ b/vm/sys/net/file-list.mk @@ -2,8 +2,8 @@ # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com> FILES = \ - image/etc/dbus-1/system.conf \ image/etc/fstab \ + image/etc/group \ image/etc/init \ image/etc/mdev.conf \ image/etc/mdev/iface \ diff --git a/vm/sys/net/image/etc/dbus-1/system.conf b/vm/sys/net/image/etc/dbus-1/system.conf deleted file mode 100644 index 9ceda7c..0000000 --- a/vm/sys/net/image/etc/dbus-1/system.conf +++ /dev/null @@ -1,8 +0,0 @@ -<?xml version="1.0"?> -<!-- SPDX-License-Identifier: CC0-1.0 --> -<!-- SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> --> -<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN" - "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> -<busconfig> - <user>root</user> -</busconfig> diff --git a/vm/sys/net/image/etc/group b/vm/sys/net/image/etc/group new file mode 100644 index 0000000..6d4e77d --- /dev/null +++ b/vm/sys/net/image/etc/group @@ -0,0 +1 @@ +messagebus:x:4: diff --git a/vm/sys/net/image/etc/group.license b/vm/sys/net/image/etc/group.license new file mode 100644 index 0000000..0d3d47c --- /dev/null +++ b/vm/sys/net/image/etc/group.license @@ -0,0 +1,2 @@ +SPDX-License-Identifier: CC0-1.0 +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is> 
diff --git a/vm/sys/net/image/etc/passwd b/vm/sys/net/image/etc/passwd index 29f3b25..6a54d1d 100644 --- a/vm/sys/net/image/etc/passwd +++ b/vm/sys/net/image/etc/passwd @@ -1 +1,2 @@ root:x:0:0:System administrator:/:/bin/sh +messagebus:x:4:4::/nonexistent:/usr/bin/nologin diff --git a/vm/sys/net/image/etc/s6-rc/dbus/run b/vm/sys/net/image/etc/s6-rc/dbus/run index 26dd403..6e88e80 100644 --- a/vm/sys/net/image/etc/s6-rc/dbus/run +++ b/vm/sys/net/image/etc/s6-rc/dbus/run @@ -1,8 +1,10 @@ #!/bin/execlineb -P # SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is> +# SPDX-FileCopyrightText: 2020-2021, 2025 Alyssa Ross <hi@alyssa.is> -foreground { mkdir /run/dbus } +if { install -do messagebus -g messagebus /run/dbus } + +s6-setuidgid messagebus dbus-daemon --config-file=/usr/share/dbus-1/system.conf -- 2.51.0
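Review bot: The rewritten vm/sys/net/image/etc/s6-rc/dbus/run has no comment explaining the privilege drop, and the commit message is empty, so the reader must work out why `/run/dbus` has to be owned by `messagebus`. I would add above the `if { install ... }` line: `# dbus-daemon runs unprivileged as messagebus, so it must own /run/dbus to create its socket there.` It may also be worth passing an explicit mode, `install -d -m 0755 -o messagebus -g messagebus /run/dbus`, so the directory's permissions do not depend on the tool's default. The socket location is inferred from the directory name, since the stock /usr/share/dbus-1/system.conf is not visible here.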
This patch has been committed as c43e5c63a028994d5f66a15db19f415bf3cb7736, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=c43e5c63a028994d5f66a15db19f.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>
This patch has been committed as e9805650f877f64a932a2916e8516aa342021613, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=e9805650f877f64a932a2916e851.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>