patches and low-level development discussion
* [PATCH 1/5] pkgs: mdevd: backport bugfix
@ 2025-11-13 13:26 Alyssa Ross
  2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
                   ` (4 more replies)
  0 siblings, 5 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

Without this, we can't tell mdevd to leave permissions of device nodes
created by devtmpfs alone.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 pkgs/overlay.nix                  |  2 ++
 pkgs/skaware-packages/default.nix | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 pkgs/skaware-packages/default.nix

diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 2987e7c..b3dfcc1 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -5,4 +5,6 @@
   cloud-hypervisor = import ./cloud-hypervisor { inherit final super; };
 
   dbus = import ./dbus { inherit final super; };
+
+  skawarePackages = import ./skaware-packages { inherit final super; };
 })
diff --git a/pkgs/skaware-packages/default.nix b/pkgs/skaware-packages/default.nix
new file mode 100644
index 0000000..f0d924b
--- /dev/null
+++ b/pkgs/skaware-packages/default.nix
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
+# SPDX-License-Identifier: MIT
+
+import ../../lib/overlay-package.nix [ "skawarePackages" ] ({ final, super }:
+
+super.skawarePackages.overrideScope (_: prev: {
+  mdevd = prev.mdevd.overrideAttrs ({ patches ? [], ... }: {
+    patches = patches ++ [
+      (final.fetchpatch {
+        url = "https://git.skarnet.org/cgi-bin/cgit.cgi/mdevd/patch/?id=252f241e425bf09ddfb4a824e40403f40da0da1e";
+        hash = "sha256-0tEC+yJGyPapsxBqzBXPztF3bl7OwjVAGjhNXtwZQ0g=";
+      })
+    ];
+  });
+}))
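Review bot: the `fetchpatch` entry added to `patches` carries no comment saying what upstream commit 252f241e425bf09ddfb4a824e40403f40da0da1e fixes or when this override can be removed. A line above it naming the fix (per the commit message, it is what lets mdevd leave the permissions of devtmpfs-created nodes alone) and noting that the override should go once the packaged mdevd contains that commit would keep it from outliving its purpose. Pinning `hash` is the right call, since the patch text is generated by cgit at fetch time.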
-- 
2.51.0



* [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
@ 2025-11-13 13:26 ` Alyssa Ross
  2025-11-26 21:11   ` Alyssa Ross
  2025-11-13 13:26 ` [PATCH 3/5] Don't create/chmod device nodes in generic rules Alyssa Ross
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

I think it's confusing to use a real mode, only to have the ! cause it
to be ignored.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/image/etc/mdev.conf    | 4 ++--
 vm/sys/net/image/etc/mdev.conf | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf
index 0e4a1a0..30e17e6 100644
--- a/img/app/image/etc/mdev.conf
+++ b/img/app/image/etc/mdev.conf
@@ -2,7 +2,7 @@
 # SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is>
 
 -$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
-$INTERFACE=.* 0:0 660 ! +/etc/mdev/iface
-$MODALIAS=virtio:d0000001Av.* 0:0 660 ! +/etc/mdev/virtiofs
+$INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
+$MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs
 dri/card0 0:0 660 +background { /etc/mdev/listen card0 }
 snd/controlC0 0:0 660 +background { /etc/mdev/listen controlC0 }
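Review bot: the two rewritten rules (`$INTERFACE=.*` and `$MODALIAS=virtio:d0000001Av.*`) now read `0:0 0 !`, which a reader who does not know `!` can take to mean "chmod to 000". A short comment above them saying that `!` makes the mode field unused and that 0 is only a placeholder would carry the commit message's reasoning into the file. The unchanged `-$MODALIAS=.* 0:0 660` context line still shows a real mode without `!`, so after this hunk the file mixes both conventions until that rule is changed as well.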
diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf
index 69011ec..15f2d01 100644
--- a/vm/sys/net/image/etc/mdev.conf
+++ b/vm/sys/net/image/etc/mdev.conf
@@ -2,4 +2,4 @@
 # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
 
 -$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
-$INTERFACE=.* 0:0 660 ! +/etc/mdev/iface
+$INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
-- 
2.51.0



* [PATCH 3/5] Don't create/chmod device nodes in generic rules
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
  2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
@ 2025-11-13 13:26 ` Alyssa Ross
  2025-11-26 21:11   ` Alyssa Ross
  2025-11-13 13:26 ` [PATCH 4/5] Don't change mode of unmatched devtmpfs devices Alyssa Ross
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

These rules shouldn't be making any changes to device
nodes.  (Although this is mostly hypothetical since I didn't find any
devices with MODALIAS uevent keys and device nodes.)

Fixes: 88f2695 ("Initial commit")
Fixes: aeb5104 ("Initial commit")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/image/etc/mdev.conf    | 2 +-
 vm/sys/net/image/etc/mdev.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf
index 30e17e6..7382067 100644
--- a/img/app/image/etc/mdev.conf
+++ b/img/app/image/etc/mdev.conf
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is>
 
--$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
+-$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
 $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs
 dri/card0 0:0 660 +background { /etc/mdev/listen card0 }
diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf
index 15f2d01..412f7f5 100644
--- a/vm/sys/net/image/etc/mdev.conf
+++ b/vm/sys/net/image/etc/mdev.conf
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
 
--$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
+-$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
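Review bot: with this hunk the whole of this mdev.conf is visible (`@@ -1,5 +1,5 @@`) and both rules are now `0 !`, but neither matches a device that has no MODALIAS or INTERFACE key, so such nodes are still handled by whatever mdevd does when no rule matches. If the intent of the subject line is that no generic path chmods device nodes, the commit message could say that unmatched devices are dealt with separately.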
-- 
2.51.0



* [PATCH 4/5] Don't change mode of unmatched devtmpfs devices
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
  2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
  2025-11-13 13:26 ` [PATCH 3/5] Don't create/chmod device nodes in generic rules Alyssa Ross
@ 2025-11-13 13:26 ` Alyssa Ross
  2025-11-26 21:11   ` Alyssa Ross
  2025-11-13 13:26 ` [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root Alyssa Ross
  2025-11-26 21:11 ` [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
  4 siblings, 1 reply; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

Otherwise, it falls back to the default rule, which sets mode 0660.
Not ideal for e.g. /dev/null!

Fixes: 88f2695 ("Initial commit")
Fixes: aeb5104 ("Initial commit")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/image/etc/mdev.conf    | 5 ++++-
 vm/sys/net/image/etc/mdev.conf | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf
index 7382067..df215b9 100644
--- a/img/app/image/etc/mdev.conf
+++ b/img/app/image/etc/mdev.conf
@@ -1,8 +1,11 @@
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2021-2023, 2025 Alyssa Ross <hi@alyssa.is>
 
 -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
 $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs
 dri/card0 0:0 660 +background { /etc/mdev/listen card0 }
 snd/controlC0 0:0 660 +background { /etc/mdev/listen controlC0 }
+
+# Don't change mode of other device nodes created by devtmpfs.
+.* 0:0 0 !
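Review bot: the new catch-all `.* 0:0 0 !` only does its job while it stays the last rule, because it matches every device and has no leading `-`, so nothing placed below it can be reached. The comment above it could say so, for example "keep this as the last rule", so that a rule for a new device is not appended underneath it later.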
diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf
index 412f7f5..2a7e5fe 100644
--- a/vm/sys/net/image/etc/mdev.conf
+++ b/vm/sys/net/image/etc/mdev.conf
@@ -1,5 +1,8 @@
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2021, 2025 Alyssa Ross <hi@alyssa.is>
 
 -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
+
+# Don't change mode of other device nodes created by devtmpfs.
+.* 0:0 0 !
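Review bot: the comment above `.* 0:0 0 !` speaks only of the mode, while the rule also carries the owner field `0:0`. It is worth stating in the comment or the commit message whether `!` leaves the ownership of devtmpfs nodes untouched as well, or whether a chown to root is intended here.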
-- 
2.51.0



* [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
                   ` (2 preceding siblings ...)
  2025-11-13 13:26 ` [PATCH 4/5] Don't change mode of unmatched devtmpfs devices Alyssa Ross
@ 2025-11-13 13:26 ` Alyssa Ross
  2025-11-26 21:11   ` Alyssa Ross
  2025-11-26 21:11 ` [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
  4 siblings, 1 reply; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 vm/sys/net/file-list.mk                 | 2 +-
 vm/sys/net/image/etc/dbus-1/system.conf | 8 --------
 vm/sys/net/image/etc/group              | 1 +
 vm/sys/net/image/etc/group.license      | 2 ++
 vm/sys/net/image/etc/passwd             | 1 +
 vm/sys/net/image/etc/s6-rc/dbus/run     | 6 ++++--
 6 files changed, 9 insertions(+), 11 deletions(-)
 delete mode 100644 vm/sys/net/image/etc/dbus-1/system.conf
 create mode 100644 vm/sys/net/image/etc/group
 create mode 100644 vm/sys/net/image/etc/group.license

diff --git a/vm/sys/net/file-list.mk b/vm/sys/net/file-list.mk
index a6f1a41..15ccd24 100644
--- a/vm/sys/net/file-list.mk
+++ b/vm/sys/net/file-list.mk
@@ -2,8 +2,8 @@
 # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
 
 FILES = \
-	image/etc/dbus-1/system.conf \
 	image/etc/fstab \
+	image/etc/group \
 	image/etc/init \
 	image/etc/mdev.conf \
 	image/etc/mdev/iface \
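Review bot: `image/etc/group` is added to `FILES` here, but `image/etc/group.license`, which this patch also creates, does not appear in the visible part of the list. If sidecar `.license` files are tracked by this list it needs an entry too; if they are not, nothing changes.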
diff --git a/vm/sys/net/image/etc/dbus-1/system.conf b/vm/sys/net/image/etc/dbus-1/system.conf
deleted file mode 100644
index 9ceda7c..0000000
--- a/vm/sys/net/image/etc/dbus-1/system.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0"?>
-<!-- SPDX-License-Identifier: CC0-1.0 -->
-<!-- SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> -->
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
-    "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-  <user>root</user>
-</busconfig>
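Review bot: deleting this file drops the `<user>root</user>` override, so the user dbus-daemon runs with is now decided by `/usr/share/dbus-1/system.conf`, the file the run script passes as `--config-file`. The commit message has no body; one sentence saying which user the remaining configuration names, and that it matches the `messagebus` account added in this patch, would make that dependency explicit.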
diff --git a/vm/sys/net/image/etc/group b/vm/sys/net/image/etc/group
new file mode 100644
index 0000000..6d4e77d
--- /dev/null
+++ b/vm/sys/net/image/etc/group
@@ -0,0 +1 @@
+messagebus:x:4:
diff --git a/vm/sys/net/image/etc/group.license b/vm/sys/net/image/etc/group.license
new file mode 100644
index 0000000..0d3d47c
--- /dev/null
+++ b/vm/sys/net/image/etc/group.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
diff --git a/vm/sys/net/image/etc/passwd b/vm/sys/net/image/etc/passwd
index 29f3b25..6a54d1d 100644
--- a/vm/sys/net/image/etc/passwd
+++ b/vm/sys/net/image/etc/passwd
@@ -1 +1,2 @@
 root:x:0:0:System administrator:/:/bin/sh
+messagebus:x:4:4::/nonexistent:/usr/bin/nologin
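Review bot: the new `messagebus` entry names `/usr/bin/nologin` as its shell while the existing root entry uses `/bin/sh`, so it is worth checking that `/usr/bin/nologin` actually exists in this image. Nothing should ever log in as this account, so a missing path does no harm at runtime, but it is confusing to read.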
diff --git a/vm/sys/net/image/etc/s6-rc/dbus/run b/vm/sys/net/image/etc/s6-rc/dbus/run
index 26dd403..6e88e80 100644
--- a/vm/sys/net/image/etc/s6-rc/dbus/run
+++ b/vm/sys/net/image/etc/s6-rc/dbus/run
@@ -1,8 +1,10 @@
 #!/bin/execlineb -P
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2020-2021, 2025 Alyssa Ross <hi@alyssa.is>
 
-foreground { mkdir /run/dbus }
+if { install -do messagebus -g messagebus /run/dbus }
+
+s6-setuidgid messagebus
 
 dbus-daemon
   --config-file=/usr/share/dbus-1/system.conf
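Review bot: `install -do messagebus -g messagebus /run/dbus` clusters `-d` with `-o`, which reads like a single option `-do`; `install -d -o messagebus -g messagebus /run/dbus` is easier to scan. Replacing `foreground` with `if` also means the service now stops when the directory cannot be set up instead of carrying on, which is the right behaviour ahead of `s6-setuidgid messagebus` but deserves a line in the commit message, which currently has no body.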
-- 
2.51.0



* Re: [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode
  2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
@ 2025-11-26 21:11   ` Alyssa Ross
  0 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as c6e60a5456fa44d45b3067e7f660daba4347a103,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=c6e60a5456fa44d45b3067e7f660daba4347a103.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>


* Re: [PATCH 1/5] pkgs: mdevd: backport bugfix
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
                   ` (3 preceding siblings ...)
  2025-11-13 13:26 ` [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root Alyssa Ross
@ 2025-11-26 21:11 ` Alyssa Ross
  4 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as e9805650f877f64a932a2916e8516aa342021613,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=e9805650f877f64a932a2916e8516aa342021613.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>


* Re: [PATCH 3/5] Don't create/chmod device nodes in generic rules
  2025-11-13 13:26 ` [PATCH 3/5] Don't create/chmod device nodes in generic rules Alyssa Ross
@ 2025-11-26 21:11   ` Alyssa Ross
  0 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as 28bcd407ca0fdd06948548cd161c73b8d6e12006,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=28bcd407ca0fdd06948548cd161c73b8d6e12006.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>


* Re: [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root
  2025-11-13 13:26 ` [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root Alyssa Ross
@ 2025-11-26 21:11   ` Alyssa Ross
  0 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as c43e5c63a028994d5f66a15db19f415bf3cb7736,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=c43e5c63a028994d5f66a15db19f415bf3cb7736.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>


* Re: [PATCH 4/5] Don't change mode of unmatched devtmpfs devices
  2025-11-13 13:26 ` [PATCH 4/5] Don't change mode of unmatched devtmpfs devices Alyssa Ross
@ 2025-11-26 21:11   ` Alyssa Ross
  0 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as 89523622a035bcaa721da94b89d091a1da83802f,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=89523622a035bcaa721da94b89d091a1da83802f.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>

