From 772f7d4188e5d2f99c03f217b91d35efb482ae42 Mon Sep 17 00:00:00 2001 From: Peter Rajnoha Date: Thu, 22 Oct 2009 13:11:33 +0000 Subject: [PATCH] Use udev flags in the rules and cleanup the rules: - remove default permissions set in 95-dm-notify.rules (and add a hint in 12-dm-permissions.rules to set it by the user directly) - add multipath DM_ACTION=="PATH_FAILED" filter - remove unnecessary filters in the headers of the rules (we can simply use DM_UDEV_RULES_VSN instead) - fix symlink priorities in /dev/disk/ (snapshot volumes have low priority for FS UUID symlinks so it will not overwrite symlinks for the origin) --- WHATS_NEW_DM | 1 + udev/10-dm.rules.in | 10 +++++++--- udev/11-lvm.rules | 10 ++-------- udev/12-dm-disk.rules | 13 +++---------- udev/12-dm-permissions.rules | 8 +++++--- udev/95-dm-notify.rules | 2 -- 6 files changed, 18 insertions(+), 26 deletions(-) diff --git a/WHATS_NEW_DM b/WHATS_NEW_DM index 74a24dca1..2a6e7c9b5 100644 --- a/WHATS_NEW_DM +++ b/WHATS_NEW_DM @@ -1,5 +1,6 @@ Version 1.02.39 - ===================================== + Remove strict default permissions for DM devices from 95-dm-notify.rules. Add dmsetup udevflags command to decode udev flags in given cookie value. Add udev flags support in libdevmapper. Make libdm ABI consistent when built with/without selinux support. diff --git a/udev/10-dm.rules.in b/udev/10-dm.rules.in index 1386b40a4..211c0c31a 100644 --- a/udev/10-dm.rules.in +++ b/udev/10-dm.rules.in @@ -20,6 +20,9 @@ ENV{DM_SBIN_PATH}="/sbin" TEST!="$env{DM_SBIN_PATH}/dmsetup", ENV{DM_SBIN_PATH}="/usr/sbin" TEST!="$env{DM_SBIN_PATH}/dmsetup", GOTO="dm_end" +# Decode udev control flags and set environment variables appropriately. +ENV{DM_COOKIE}=="?*", IMPORT{program}="$env{DM_SBIN_PATH}/dmsetup udevflags $env{DM_COOKIE}" + ACTION!="add|change", GOTO="dm_end" # Normally, we operate on "change" events only. But when @@ -55,10 +58,11 @@ ENV{DM_SUSPENDED}=="Suspended", ENV{DM_SUSPENDED}="1" # possible future changes. ENV{DM_UDEV_RULES_VSN}="1" -ENV{DM_NAME}=="?*", NAME="$kernel", SYMLINK+="(DM_DIR)/$env{DM_NAME}" +ENV{DM_NAME}=="?*", SYMLINK+="(DM_DIR)/$env{DM_NAME}" -# We have to ignore further rule application for temporary -# cryptsetup devices. But don't forget to send the notification! +# We have to ignore further rule application for inappropriate events +# and devices. But still send the notification if cookie exists. +ENV{DM_UUID}=="mpath-?*", ENV{DM_ACTION}=="PATH_FAILED", GOTO="dm_last_rule" ENV{DM_UUID}=="CRYPT-TEMP-?*", GOTO="dm_last_rule" ENV{DM_UUID}!="?*", ENV{DM_NAME}=="temporary-cryptsetup-?*", GOTO="dm_last_rule" diff --git a/udev/11-lvm.rules b/udev/11-lvm.rules index 8ac6525c3..bcec09502 100644 --- a/udev/11-lvm.rules +++ b/udev/11-lvm.rules @@ -8,17 +8,11 @@ # DM_VG_NAME - volume group name # DM_LV_LAYER - logical volume layer (blank if not set) -SUBSYSTEM!="block", GOTO="lvm_end" -KERNEL!="dm-[0-9]*", GOTO="lvm_end" +# "add" event is processed on coldplug only! ACTION!="add|change", GOTO="lvm_end" ENV{DM_UDEV_RULES_VSN}!="?*", GOTO="lvm_end" ENV{DM_UUID}!="LVM-?*", GOTO="lvm_end" - -# Normally, we operate on "change" events only. But when -# coldplugging, there's an "add" event present. We have -# to recognize this and do our actions in this particular -# situation, too. -ACTION=="add", ENV{STARTUP}!="1", GOTO="lvm_end" +ENV{DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG}=="1", GOTO="lvm_end" # Use DM name and split it up into its VG/LV/layer constituents. IMPORT{program}="$env{DM_SBIN_PATH}/dmsetup splitname --nameprefixes --noheadings --rows $env{DM_NAME}" diff --git a/udev/12-dm-disk.rules b/udev/12-dm-disk.rules index b11006415..16a6edd25 100644 --- a/udev/12-dm-disk.rules +++ b/udev/12-dm-disk.rules @@ -5,16 +5,10 @@ # label and uuid are created only if the device is not # suspended. -SUBSYSTEM!="block", GOTO="dm_end" -KERNEL!="dm-[0-9]*", GOTO="dm_end" +# "add" event is processed on coldplug only! ACTION!="add|change", GOTO="dm_end" ENV{DM_UDEV_RULES_VSN}!="?*", GOTO="dm_end" - -# Normally, we operate on "change" events only. But when -# coldplugging, there's an "add" event present. We have to -# recognize this and do our actions in this particular -# situation, too. -ACTION=="add", ENV{STARTUP}!="1", GOTO="dm_end" +ENV{DM_UDEV_DISABLE_DISK_RULES_FLAG}=="1", GOTO="dm_end" SYMLINK+="disk/by-id/dm-name-$env{DM_NAME}" ENV{DM_UUID}=="?*", SYMLINK+="disk/by-id/dm-uuid-$env{DM_UUID}" @@ -22,8 +16,7 @@ ENV{DM_UUID}=="?*", SYMLINK+="disk/by-id/dm-uuid-$env{DM_UUID}" ENV{DM_SUSPENDED}=="1", GOTO="dm_end" IMPORT{program}="$env{DM_SBIN_PATH}/blkid -o udev -p $tempnode" -OPTIONS="link_priority=-100" -ENV{DM_LV_LAYER}=="?*", OPTIONS="link_priority=-90" +ENV{DM_UDEV_LOW_PRIORITY_FLAG}=="1", OPTIONS="link_priority=-100" ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="disk/by-uuid/$env{ID_FS_UUID_ENC}" ENV{ID_FS_USAGE}=="filesystem|other", ENV{ID_FS_LABEL_ENC}=="?*", SYMLINK+="disk/by-label/$env{ID_FS_LABEL_ENC}" diff --git a/udev/12-dm-permissions.rules b/udev/12-dm-permissions.rules index cc3e4cfdc..9ceb8f8a9 100644 --- a/udev/12-dm-permissions.rules +++ b/udev/12-dm-permissions.rules @@ -15,9 +15,8 @@ # DM_VG_NAME - volume group name (not set if LVM device not present) # DM_LV_LAYER - logical volume layer (not set if LVM device not present) -SUBSYSTEM!="block", GOTO="dm_end" -KERNEL!="dm-[0-9]*", GOTO="dm_end" -ACTION!="change", GOTO="dm_end" +# "add" event is processed on coldplug only! +ACTION!="add|change", GOTO="dm_end" ENV{DM_UDEV_RULES_VSN}!="?*", GOTO="dm_end" # A few demonstrational examples... @@ -72,4 +71,7 @@ ENV{DM_UDEV_RULES_VSN}!="?*", GOTO="dm_end" # listed at the beginning of this file (udev provides simple pattern matching by # using *, ? and [] that you can use, see 'man udev' for more information). +# Set default permissions for all DM devices if not set before. +# OWNER:="root", GROUP:="root", MODE:="660" + LABEL="dm_end" diff --git a/udev/95-dm-notify.rules b/udev/95-dm-notify.rules index 5834239a0..085313b0c 100644 --- a/udev/95-dm-notify.rules +++ b/udev/95-dm-notify.rules @@ -4,13 +4,11 @@ # waiting for completion of udev rules. The process is identified by # a cookie value sent within "change" and "remove" events (the cookie # value is set before by that process for every action requested). -# Also, it sets default permissions for DM devices if not set already. SUBSYSTEM!="block", GOTO="dm_end" KERNEL!="dm-[0-9]*", GOTO="dm_end" ACTION!="change|remove", GOTO="dm_end" -ACTION=="change", OWNER:="root", GROUP:="root", MODE:="600" ENV{DM_COOKIE}=="?*", RUN+="$env{DM_SBIN_PATH}/dmsetup udevcomplete $env{DM_COOKIE}" LABEL="dm_end"