From: Ludovic Courtès
To: Chris Marusich
Subject: Re: bug#36335: Is /dev/kvm missing ACLs?
Date: Thu, 27 Jun 2019 15:45:33 +0200
Cc: 36335@debbugs.gnu.org

Hi Chris,

Chris Marusich wrote:

> Ludovic Courtès writes:
>
>> Guix System doesn’t use ACLs at all.
>>
>> However, the udev rule for kvm sets it up like this:
>>
>>   crw-rw---- 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>>
>> and the build users are part of the ‘kvm’ group.  I personally arrange
>> to have my user account in that group too.
>
> It's good to know that the "kvm" group is the right way to grant
> permissions.  However, if Guix System doesn't use ACLs, then why do some
> of my device files have ACLs on them, such as the video device file?
>
>     $ getfacl /dev/video0
>     getfacl: Removing leading '/' from absolute path names
>     # file: dev/video0
>     # owner: root
>     # group: video
>     user::rw-
>     user:marusich:rw-
>     group::rw-
>     mask::rw-
>     other::---

Good question, I see the same thing here.

I suspected a udev rule but ‘grep’ didn’t find any that explicitly does
that, and there’s no code in eudev that fiddles with ACLs either, and
nothing obvious in devtmpfs.c in Linux.

So… it’s a mystery.

Ludo’.
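
Added example, not part of the original message and not code from Guix or eudev: a Python parser for getfacl output such as the listing quoted above, which applies the access-check order from acl(5) and reports which entry decides access for a given user. The function names and the user and group names passed in are assumptions made for the illustration.

```python
import re

# Constructed input: the getfacl output quoted in the message above.
SAMPLE = """\
getfacl: Removing leading '/' from absolute path names
# file: dev/video0
# owner: root
# group: video
user::rw-
user:marusich:rw-
group::rw-
mask::rw-
other::---
"""

ENTRY = re.compile(r"^(user|group|mask|other):([^:]*):([rwx-]{3})")

def parse_getfacl(text):
    """Parse getfacl text into owner, owning group and (tag, qualifier, perms) entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("# owner:", "# group:")):
            key, value = line[2:].split(":", 1)
            acl[key] = value.strip()
        elif (m := ENTRY.match(line)):
            acl["entries"].append((m[1], m[2], set(m[3]) - {"-"}))
    return acl

def check_access(acl, user, groups, want):
    """Return (granted, deciding entry) following the acl(5) access check order.
    Works on names as printed by getfacl; ignores root's capability override."""
    want, entries = set(want), acl["entries"]
    mask = next((p for t, _, p in entries if t == "mask"), None)
    masked = lambda p: p if mask is None else p & mask
    if user == acl["owner"]:                       # 1. owner entry, never masked
        perms = next(p for t, q, p in entries if t == "user" and not q)
        return want <= perms, "user::"
    for t, q, p in entries:                        # 2. named user entry, masked
        if t == "user" and q == user:
            return want <= masked(p), f"user:{q}:"
    matched = [(q, p) for t, q, p in entries       # 3. owning group / named groups
               if t == "group" and (q or acl["group"]) in groups]
    for q, p in matched:
        if want <= masked(p):
            return True, f"group:{q}:"
    if matched:
        return False, "group"
    perms = next(p for t, q, p in entries if t == "other")   # 4. everyone else
    return want <= perms, "other::"
```

For the quoted listing, `check_access(parse_getfacl(SAMPLE), "marusich", {"users"}, "rw")` is decided by the `user:marusich:` entry, so the account gets access without being in the `video` group, whereas a node with only the mode bits shown for /dev/kvm falls through to the owning-group check.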