From 67c89548d112e3d00ccdbad399720458b8289117 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Sun, 4 Jan 2009 17:38:33 +0100 Subject: [PATCH] update NEWS --- NEWS | 34 +++++++++++++++++++++++++--------- README | 5 +++-- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/NEWS b/NEWS index 1a1d5fb71..0e5395b3b 100644 --- a/NEWS +++ b/NEWS @@ -2,19 +2,29 @@ udev 136 ======== Bugfixes. -For some more advanced features Linux 2.6.22 is the oldest supported -version now. The kernel config with enabled SYSFS_DEPRECATED -is no longer supported. Older kernels should still work, and devices -nodes should be reliably created, but some rules and libudev will -not work correctly because the old kernels do not provide the expected -information or interfaces. - We are currently merging the Ubuntu rules in the udev default rules, -and get one step closer to provide a common Linux /dev setup regarding +and get one step closer to provide a common Linux /dev setup, regarding device names, symlinks, and default device permissions. On udev startup, -we now expect the following groups to be resolvable to their ids by +we now expect the following groups to be resolvable to their ids with glibc's getgrnam(): disk, cdrom, floppy, tape, audio, video, lp, tty, dialout, kmem. +LDAP setups need to make sure, that these groups are always resolvable at +bootup, with only the rootfs mounted, and without network access available. + +Some systems may need to add some new, currently not used groups, or need +to add some users to new groups, but the cost of this change is minimal, +compared to the pain the current, rather random, differences between the +various distributions cause for upstream projects and third-party vendors. + +In general, "normal" users who log into a machine should never be a member +of any such group, but the device-access should be managed by dynamic ACLs, +which get added and removed for the specific users on login/logout and +session activity/inactivity. These groups are only provided for custom setups, +and mainly system services, to allow proper privilege separation. +A video-streaming daemon uid would be a member of "audio" and "video", to get +access to the sound and video devices, but no "normal" user ever belongs in +the "audio" group, because he could listen to the built-in microphone with +any ssh-session established from the other side of the world. /dev/serial/by-{id,path}/ now contains links for ttyUSB devices, which do not depend on the kernel device name. As usual, unique @@ -26,6 +36,12 @@ and can only be found reliably in the by-path/ directory. Devices specified by by-path/ must not change their connection, like the USB port number they are plugged in, to keep their name. +To support some advanced features, Linux 2.6.22 is the oldest supported +version now. The kernel config with enabled SYSFS_DEPRECATED is no longer +supported. Older kernels should still work, and devices nodes should be +reliably created, but some rules and libudev will not work correctly because +the old kernels do not provide the expected information or interfaces. + udev 135 ======== Bugfixes. diff --git a/README b/README index cd3628736..773bc5508 100644 --- a/README +++ b/README @@ -20,9 +20,10 @@ Requirements: be mounted at /sys/. No other locations are supported by udev. - The system must have the following group names resolvable at udev startup: - disk, cdrom, floppy, tape, audio, video, lp, tty, dialout, kmem + disk, cdrom, floppy, tape, audio, video, lp, tty, dialout, kmem. Especially in LDAP setups, it is required, that getgrnam() is able to resolve - these group names while no network is available. + these group names with only the rootfs mounted, and while no network is + available. Operation: Udev creates and removes device nodes in /dev/, based on events the kernel -- 2.30.2