[PATCH 1/5] pkgs: mdevd: backport bugfix

patches and low-level development discussion
 help / color / mirror / code / Atom feed

* [PATCH 1/5] pkgs: mdevd: backport bugfix
@ 2025-11-13 13:26 Alyssa Ross
  2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
                   ` (4 more replies)
  0 siblings, 5 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

Without this, we can't tell mdevd to leave permissions of device nodes
created by devtmpfs alone.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 pkgs/overlay.nix                  |  2 ++
 pkgs/skaware-packages/default.nix | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 pkgs/skaware-packages/default.nix

diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 2987e7c..b3dfcc1 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -5,4 +5,6 @@
   cloud-hypervisor = import ./cloud-hypervisor { inherit final super; };
 
   dbus = import ./dbus { inherit final super; };
+
+  skawarePackages = import ./skaware-packages { inherit final super; };
 })
diff --git a/pkgs/skaware-packages/default.nix b/pkgs/skaware-packages/default.nix
new file mode 100644
index 0000000..f0d924b
--- /dev/null
+++ b/pkgs/skaware-packages/default.nix
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
+# SPDX-License-Identifier: MIT
+
+import ../../lib/overlay-package.nix [ "skawarePackages" ] ({ final, super }:
+
+super.skawarePackages.overrideScope (_: prev: {
+  mdevd = prev.mdevd.overrideAttrs ({ patches ? [], ... }: {
+    patches = patches ++ [
+      (final.fetchpatch {
+        url = "https://git.skarnet.org/cgi-bin/cgit.cgi/mdevd/patch/?id=252f241e425bf09ddfb4a824e40403f40da0da1e";
+        hash = "sha256-0tEC+yJGyPapsxBqzBXPztF3bl7OwjVAGjhNXtwZQ0g=";
+      })
+    ];
+  });
+}))
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
@ 2025-11-13 13:26 ` Alyssa Ross
  2025-11-26 21:11   ` Alyssa Ross
  2025-11-13 13:26 ` [PATCH 3/5] Don't create/chmod device nodes in generic rules Alyssa Ross
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

I think it's confusing to use a real mode, only to have the ! cause it
to be ignored.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/image/etc/mdev.conf    | 4 ++--
 vm/sys/net/image/etc/mdev.conf | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf
index 0e4a1a0..30e17e6 100644
--- a/img/app/image/etc/mdev.conf
+++ b/img/app/image/etc/mdev.conf
@@ -2,7 +2,7 @@
 # SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is>
 
 -$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
-$INTERFACE=.* 0:0 660 ! +/etc/mdev/iface
-$MODALIAS=virtio:d0000001Av.* 0:0 660 ! +/etc/mdev/virtiofs
+$INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
+$MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs
 dri/card0 0:0 660 +background { /etc/mdev/listen card0 }
 snd/controlC0 0:0 660 +background { /etc/mdev/listen controlC0 }
diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf
index 69011ec..15f2d01 100644
--- a/vm/sys/net/image/etc/mdev.conf
+++ b/vm/sys/net/image/etc/mdev.conf
@@ -2,4 +2,4 @@
 # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
 
 -$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
-$INTERFACE=.* 0:0 660 ! +/etc/mdev/iface
+$INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode
  2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
@ 2025-11-26 21:11   ` Alyssa Ross
  0 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as c6e60a5456fa44d45b3067e7f660daba4347a103,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=c6e60a5456fa44d45b3067e7f660daba4347a103.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 3/5] Don't create/chmod device nodes in generic rules
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
  2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
@ 2025-11-13 13:26 ` Alyssa Ross
  2025-11-26 21:11   ` Alyssa Ross
  2025-11-13 13:26 ` [PATCH 4/5] Don't change mode of unmatched devtmpfs devices Alyssa Ross
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

These rules shouldn't be making any changes to device
nodes.  (Although this is mostly hypothetical since I didn't find any
devices with MODALIAS uevent keys and device nodes.)

Fixes: 88f2695 ("Initial commit")
Fixes: aeb5104 ("Initial commit")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/image/etc/mdev.conf    | 2 +-
 vm/sys/net/image/etc/mdev.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf
index 30e17e6..7382067 100644
--- a/img/app/image/etc/mdev.conf
+++ b/img/app/image/etc/mdev.conf
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is>
 
--$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
+-$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
 $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs
 dri/card0 0:0 660 +background { /etc/mdev/listen card0 }
diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf
index 15f2d01..412f7f5 100644
--- a/vm/sys/net/image/etc/mdev.conf
+++ b/vm/sys/net/image/etc/mdev.conf
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: EUPL-1.2+
 # SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
 
--$MODALIAS=.* 0:0 660 +importas -Siu MODALIAS modprobe -q $MODALIAS
+-$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH 3/5] Don't create/chmod device nodes in generic rules
  2025-11-13 13:26 ` [PATCH 3/5] Don't create/chmod device nodes in generic rules Alyssa Ross
@ 2025-11-26 21:11   ` Alyssa Ross
  0 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as 28bcd407ca0fdd06948548cd161c73b8d6e12006,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=28bcd407ca0fdd06948548cd161c73b8d6e12006.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 4/5] Don't change mode of unmatched devtmpfs devices
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
  2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
  2025-11-13 13:26 ` [PATCH 3/5] Don't create/chmod device nodes in generic rules Alyssa Ross
@ 2025-11-13 13:26 ` Alyssa Ross
  2025-11-26 21:11   ` Alyssa Ross
  2025-11-13 13:26 ` [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root Alyssa Ross
  2025-11-26 21:11 ` [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
  4 siblings, 1 reply; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

Otherwise, it falls back to the default rule, which sets mode 0660.
Not ideal for e.g. /dev/null!

Fixes: 88f2695 ("Initial commit")
Fixes: aeb5104 ("Initial commit")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 img/app/image/etc/mdev.conf    | 5 ++++-
 vm/sys/net/image/etc/mdev.conf | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/img/app/image/etc/mdev.conf b/img/app/image/etc/mdev.conf
index 7382067..df215b9 100644
--- a/img/app/image/etc/mdev.conf
+++ b/img/app/image/etc/mdev.conf
@@ -1,8 +1,11 @@
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2021-2023 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2021-2023, 2025 Alyssa Ross <hi@alyssa.is>
 
 -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
 $MODALIAS=virtio:d0000001Av.* 0:0 0 ! +/etc/mdev/virtiofs
 dri/card0 0:0 660 +background { /etc/mdev/listen card0 }
 snd/controlC0 0:0 660 +background { /etc/mdev/listen controlC0 }
+
+# Don't change mode of other device nodes created by devtmpfs.
+.* 0:0 0 !
diff --git a/vm/sys/net/image/etc/mdev.conf b/vm/sys/net/image/etc/mdev.conf
index 412f7f5..2a7e5fe 100644
--- a/vm/sys/net/image/etc/mdev.conf
+++ b/vm/sys/net/image/etc/mdev.conf
@@ -1,5 +1,8 @@
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2021, 2025 Alyssa Ross <hi@alyssa.is>
 
 -$MODALIAS=.* 0:0 0 ! +importas -Siu MODALIAS modprobe -q $MODALIAS
 $INTERFACE=.* 0:0 0 ! +/etc/mdev/iface
+
+# Don't change mode of other device nodes created by devtmpfs.
+.* 0:0 0 !
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH 4/5] Don't change mode of unmatched devtmpfs devices
  2025-11-13 13:26 ` [PATCH 4/5] Don't change mode of unmatched devtmpfs devices Alyssa Ross
@ 2025-11-26 21:11   ` Alyssa Ross
  0 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as 89523622a035bcaa721da94b89d091a1da83802f,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=89523622a035bcaa721da94b89d091a1da83802f.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
                   ` (2 preceding siblings ...)
  2025-11-13 13:26 ` [PATCH 4/5] Don't change mode of unmatched devtmpfs devices Alyssa Ross
@ 2025-11-13 13:26 ` Alyssa Ross
  2025-11-26 21:11   ` Alyssa Ross
  2025-11-26 21:11 ` [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
  4 siblings, 1 reply; 10+ messages in thread
From: Alyssa Ross @ 2025-11-13 13:26 UTC (permalink / raw)
  To: devel

Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
 vm/sys/net/file-list.mk                 | 2 +-
 vm/sys/net/image/etc/dbus-1/system.conf | 8 --------
 vm/sys/net/image/etc/group              | 1 +
 vm/sys/net/image/etc/group.license      | 2 ++
 vm/sys/net/image/etc/passwd             | 1 +
 vm/sys/net/image/etc/s6-rc/dbus/run     | 6 ++++--
 6 files changed, 9 insertions(+), 11 deletions(-)
 delete mode 100644 vm/sys/net/image/etc/dbus-1/system.conf
 create mode 100644 vm/sys/net/image/etc/group
 create mode 100644 vm/sys/net/image/etc/group.license

diff --git a/vm/sys/net/file-list.mk b/vm/sys/net/file-list.mk
index a6f1a41..15ccd24 100644
--- a/vm/sys/net/file-list.mk
+++ b/vm/sys/net/file-list.mk
@@ -2,8 +2,8 @@
 # SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
 
 FILES = \
-	image/etc/dbus-1/system.conf \
 	image/etc/fstab \
+	image/etc/group \
 	image/etc/init \
 	image/etc/mdev.conf \
 	image/etc/mdev/iface \
diff --git a/vm/sys/net/image/etc/dbus-1/system.conf b/vm/sys/net/image/etc/dbus-1/system.conf
deleted file mode 100644
index 9ceda7c..0000000
--- a/vm/sys/net/image/etc/dbus-1/system.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0"?>
-<!-- SPDX-License-Identifier: CC0-1.0 -->
-<!-- SPDX-FileCopyrightText: 2021 Alyssa Ross <hi@alyssa.is> -->
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
-    "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-  <user>root</user>
-</busconfig>
diff --git a/vm/sys/net/image/etc/group b/vm/sys/net/image/etc/group
new file mode 100644
index 0000000..6d4e77d
--- /dev/null
+++ b/vm/sys/net/image/etc/group
@@ -0,0 +1 @@
+messagebus:x:4:
diff --git a/vm/sys/net/image/etc/group.license b/vm/sys/net/image/etc/group.license
new file mode 100644
index 0000000..0d3d47c
--- /dev/null
+++ b/vm/sys/net/image/etc/group.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
diff --git a/vm/sys/net/image/etc/passwd b/vm/sys/net/image/etc/passwd
index 29f3b25..6a54d1d 100644
--- a/vm/sys/net/image/etc/passwd
+++ b/vm/sys/net/image/etc/passwd
@@ -1 +1,2 @@
 root:x:0:0:System administrator:/:/bin/sh
+messagebus:x:4:4::/nonexistent:/usr/bin/nologin
diff --git a/vm/sys/net/image/etc/s6-rc/dbus/run b/vm/sys/net/image/etc/s6-rc/dbus/run
index 26dd403..6e88e80 100644
--- a/vm/sys/net/image/etc/s6-rc/dbus/run
+++ b/vm/sys/net/image/etc/s6-rc/dbus/run
@@ -1,8 +1,10 @@
 #!/bin/execlineb -P
 # SPDX-License-Identifier: EUPL-1.2+
-# SPDX-FileCopyrightText: 2020-2021 Alyssa Ross <hi@alyssa.is>
+# SPDX-FileCopyrightText: 2020-2021, 2025 Alyssa Ross <hi@alyssa.is>
 
-foreground { mkdir /run/dbus }
+if { install -do messagebus -g messagebus /run/dbus }
+
+s6-setuidgid messagebus
 
 dbus-daemon
   --config-file=/usr/share/dbus-1/system.conf
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root
  2025-11-13 13:26 ` [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root Alyssa Ross
@ 2025-11-26 21:11   ` Alyssa Ross
  0 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as c43e5c63a028994d5f66a15db19f415bf3cb7736,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=c43e5c63a028994d5f66a15db19f415bf3cb7736.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH 1/5] pkgs: mdevd: backport bugfix
  2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
                   ` (3 preceding siblings ...)
  2025-11-13 13:26 ` [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root Alyssa Ross
@ 2025-11-26 21:11 ` Alyssa Ross
  4 siblings, 0 replies; 10+ messages in thread
From: Alyssa Ross @ 2025-11-26 21:11 UTC (permalink / raw)
  To: Alyssa Ross, devel

This patch has been committed as e9805650f877f64a932a2916e8516aa342021613,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=e9805650f877f64a932a2916e8516aa342021613.

This is an automated message.  Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2025-11-26 21:11 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-13 13:26 [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross
2025-11-13 13:26 ` [PATCH 2/5] Use 0 mode in mdev.conf when not changing mode Alyssa Ross
2025-11-26 21:11   ` Alyssa Ross
2025-11-13 13:26 ` [PATCH 3/5] Don't create/chmod device nodes in generic rules Alyssa Ross
2025-11-26 21:11   ` Alyssa Ross
2025-11-13 13:26 ` [PATCH 4/5] Don't change mode of unmatched devtmpfs devices Alyssa Ross
2025-11-26 21:11   ` Alyssa Ross
2025-11-13 13:26 ` [PATCH 5/5] vm/sys/net: run dbus-daemon as non-root Alyssa Ross
2025-11-26 21:11   ` Alyssa Ross
2025-11-26 21:11 ` [PATCH 1/5] pkgs: mdevd: backport bugfix Alyssa Ross

Code repositories for project(s) associated with this public inbox

	https://spectrum-os.org/git/crosvm
	https://spectrum-os.org/git/doc
	https://spectrum-os.org/git/mktuntap
	https://spectrum-os.org/git/nixpkgs
	https://spectrum-os.org/git/spectrum
	https://spectrum-os.org/git/ucspi-vsock
	https://spectrum-os.org/git/www

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).