From 85e424c0c852fcb92d108494a6efa9dd0ce943b2 Mon Sep 17 00:00:00 2001 From: Gibeom Gwon Date: Tue, 13 Jul 2021 02:57:43 +0900 Subject: [PATCH] homed: allow systemd-homed access to FIDO2 devices Add DeviceAllow= option for FIDO2 devices in systemd-homed.service. --- units/systemd-homed.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in index 678bbab65c..0576f84697 100644 --- a/units/systemd-homed.service.in +++ b/units/systemd-homed.service.in @@ -20,6 +20,7 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FS DeviceAllow=/dev/loop-control rw DeviceAllow=/dev/mapper/control rw DeviceAllow=block-* rw +DeviceAllow=char-hidraw rw ExecStart={{ROOTLIBEXECDIR}}/systemd-homed IPAddressDeny=any KillMode=mixed