[PATCH] host/rootfs: create groups assumed by udev
We don't really care about these groups, but if they don't exist, udev will also not apply the "other" modes from rules, leaving e.g. /dev/kvm root-only when it should be globally read/write. tty is set to 5, conforming with the systemd convention. Link: https://systemd.io/UIDS-GIDS/ Signed-off-by: Alyssa Ross <hi@alyssa.is> --- Demi, this should avoid the need to add a udev rule for /dev/kvm. host/rootfs/image/etc/group | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group index 18acc30..e3ade46 100644 --- a/host/rootfs/image/etc/group +++ b/host/rootfs/image/etc/group @@ -1 +1,15 @@ root:x:0:root +clock:x:1: +dialout:x:2: +kmem:x:3: +input:x:4: +tty:x:5: +video:x:6: +render:x:7: +sgx:x:8: +audio:x:9: +lp:x:10: +disk:x:11: +cdrom:x:12: +tape:x:13: +kvm:x:14: base-commit: a13d3403c1ddbb8dbbbdb05416350b2846162ed1 -- 2.51.0
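Review bot: Only tty's number is justified in the message (5, per the systemd convention); for the other thirteen added lines, clock through kvm, nothing records which udev rules the list of names was derived from, so there is nothing to re-check it against when those rules change. Since the message says a missing group also stops udev applying the rule's "other" mode, a gap in this list leaves nodes such as /dev/kvm root-only; consider naming the rules file and udev version the list came from in the commit message, and stating that the GIDs other than 5 are arbitrary. All fourteen entries leave the member field empty, which is the right default for kmem and disk in particular and worth keeping that way.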
On 12/4/25 10:04, Alyssa Ross wrote:
We don't really care about these groups, but if they don't exist, udev will also not apply the "other" modes from rules, leaving e.g. /dev/kvm root-only when it should be globally read/write.
tty is set to 5, conforming with the systemd convention.
Link: https://systemd.io/UIDS-GIDS/
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
Demi, this should avoid the need to add a udev rule for /dev/kvm.
host/rootfs/image/etc/group | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group index 18acc30..e3ade46 100644 --- a/host/rootfs/image/etc/group +++ b/host/rootfs/image/etc/group @@ -1 +1,15 @@ root:x:0:root +clock:x:1: +dialout:x:2: +kmem:x:3: +input:x:4: +tty:x:5: +video:x:6: +render:x:7: +sgx:x:8:
Do we even need this? SGX needs userspace tools that Spectrum doesn't have. I presume that the need for this will go away once Spectrum's host is built without SGX.
+audio:x:9: +lp:x:10: +disk:x:11: +cdrom:x:12: +tape:x:13: +kvm:x:14:
base-commit: a13d3403c1ddbb8dbbbdb05416350b2846162ed1
With or without the above change:

Acked-by: Demi Marie Obenour <demiobenour@gmail.com>
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/4/25 10:04, Alyssa Ross wrote:
We don't really care about these groups, but if they don't exist, udev will also not apply the "other" modes from rules, leaving e.g. /dev/kvm root-only when it should be globally read/write.
tty is set to 5, conforming with the systemd convention.
Link: https://systemd.io/UIDS-GIDS/
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
Demi, this should avoid the need to add a udev rule for /dev/kvm.
host/rootfs/image/etc/group | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group index 18acc30..e3ade46 100644 --- a/host/rootfs/image/etc/group +++ b/host/rootfs/image/etc/group @@ -1 +1,15 @@ root:x:0:root +clock:x:1: +dialout:x:2: +kmem:x:3: +input:x:4: +tty:x:5: +video:x:6: +render:x:7: +sgx:x:8:
Do we even need this? SGX needs userspace tools that Spectrum doesn't have. I presume that the need for this will go away once Spectrum's host is built without SGX.
I think it's better to have it, because without it udev will continue to warn about it when it reads the default rules. This happens regardless of whether a matching device actually exists.
On 12/5/25 05:18, Alyssa Ross wrote:
Demi Marie Obenour <demiobenour@gmail.com> writes:
On 12/4/25 10:04, Alyssa Ross wrote:
We don't really care about these groups, but if they don't exist, udev will also not apply the "other" modes from rules, leaving e.g. /dev/kvm root-only when it should be globally read/write.
tty is set to 5, conforming with the systemd convention.
Link: https://systemd.io/UIDS-GIDS/
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
Demi, this should avoid the need to add a udev rule for /dev/kvm.
host/rootfs/image/etc/group | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
diff --git a/host/rootfs/image/etc/group b/host/rootfs/image/etc/group index 18acc30..e3ade46 100644 --- a/host/rootfs/image/etc/group +++ b/host/rootfs/image/etc/group @@ -1 +1,15 @@ root:x:0:root +clock:x:1: +dialout:x:2: +kmem:x:3: +input:x:4: +tty:x:5: +video:x:6: +render:x:7: +sgx:x:8:
Do we even need this? SGX needs userspace tools that Spectrum doesn't have. I presume that the need for this will go away once Spectrum's host is built without SGX.
I think it's better to have it, because without it udev will continue to warn about it when it reads the default rules. This happens regardless of whether a matching device actually exists.
Ah, I missed that part. Then keep it.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
This patch has been committed as 92e219e7c08c479d216a46d2736ea9d229ff034d, which can be viewed online at https://spectrum-os.org/git/spectrum/commit/?id=92e219e7c08c479d216a46d2736e.... This is an automated message. Send comments/questions/requests to: Alyssa Ross <hi@alyssa.is>
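A static check for the condition discussed in this thread, added here as an example and not part of the patch or of Spectrum's tree: it lists group names that udev rules assign with GROUP= but that have no entry in a group file. The function names, the sample rules file and both group files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report group names that udev rules assign via GROUP="..."
# but that are absent from a given group file.

# missing_udev_groups RULES_DIR GROUP_FILE -> one missing name per line
missing_udev_groups() {
    rules_dir=$1
    group_file=$2
    cat "$rules_dir"/*.rules |
        grep -v '^[[:space:]]*#' |
        grep -oE '(^|[[:space:],])GROUP:?="[^"]+"' |
        sed -E 's/.*="([^"]+)"/\1/' |
        sort -u |
        while IFS= read -r name; do
            # A purely numeric GROUP is a GID and needs no name lookup.
            case $name in *[!0-9]*) ;; *) continue ;; esac
            # Exact match on the first field of the group file.
            awk -F: -v n="$name" '$1 == n { f = 1 } END { exit !f }' \
                "$group_file" || printf '%s\n' "$name"
        done
}

# Constructed sample input (not Spectrum's real files).
make_sample() {
    dir=$1
    mkdir -p "$dir/rules.d"
    cat > "$dir/rules.d/50-sample.rules" <<'EOF'
# KERNEL=="ghost", GROUP="ghost"
KERNEL=="kvm", GROUP="kvm", MODE="0666"
KERNEL=="sgx_vepc", GROUP="sgx", MODE="0660"
SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620"
KERNEL=="null", GROUP="0", MODE="0666"
EOF
    # Group file as it was before the patch, and a subset of the patched one.
    printf 'root:x:0:root\n' > "$dir/group.before"
    printf 'root:x:0:root\ntty:x:5:\nsgx:x:8:\nkvm:x:14:\n' > "$dir/group.after"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "before: $(missing_udev_groups "$tmp/rules.d" "$tmp/group.before" | tr '\n' ' ')"
echo "after:  $(missing_udev_groups "$tmp/rules.d" "$tmp/group.after" | tr '\n' ' ')"
rm -rf "$tmp"
```

Pointed at the rules directory shipped in an image and that image's etc/group, an empty result means every group named by the rules resolves.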