[Bug 1103022] Re: 70-udev-acl.rules needs to put g+rw on /dev/kvm

[Serge Hallyn]

This test case shows the bug in udev-acl.c.

When udev-acl is called to add a user acl, it

1. gets the current acl
2. removes any acl for non-current user
3. adds acl for user
4. writes the result.

Any existing group acl is kept.

What this test case shows, is that in step 1 udev will get what looks
like a group acl (for zero perms) - even though that was not an acl, it
was just the group perms on the inode.  Then in step 4, that acl gets
written as an explicit acl.

To test, compile the program, touch a file, look at the perms, run this
program specifying the file as argument, and re-check the perms:

1. gcc -o acltest acltest.c -lacl
2. echo ab > ab
3. chmod 700 ab
3. ls -l ab; getfacl ab
4. ./acltest ab
5. ls -l ab; getfacl ab

An acl has been added to ab (indicated by '+' in ls output), which was
not there before


** Attachment added: "acltest.c"
   https://bugs.launchpad.net/ubuntu/+source/udev/+bug/1103022/+attachment/3526573/+files/acltest.c

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to udev in Ubuntu.
https://bugs.launchpad.net/bugs/1103022

Title:
  70-udev-acl.rules needs to put g+rw on /dev/kvm

Status in “udev” package in Ubuntu:
  Confirmed

Bug description:
  When qemu-system gets installed, the newly installed udev rule causes
  /dev/kvm to gets chgrpd to kvm and its mode to get set to g+rw.
  However, because /dev/kvm was tagged with ACL previously, there is a
  group:: acl on /dev/kvm which does not get removed.  Therefore
  /dev/kvm is g+rw in the file mode, but the acl denies group read/write
  access.  After a reboot all is fine.

  I have not seen a clean way to have udev remove that acl, and there is
  no reason for it.  So please update the 70-udev-acl.rules file to set
  MODE=0660 on /dev/kvm

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udev/+bug/1103022/+subscriptions