mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-05 09:17:44 +03:00
b5d3138f91
Enable /dev/sgx_vepc access for the group 'sgx', which allows KVM-backed VMs to host Intel Software Guard eXtension (SGX) enclaves. The upcoming QEMU 6.2 uses /dev/sgx_vepc to reserve portions of Enclave Page Cache (EPC) for VMs. EPC is the reserved physical memory used for hosting enclaves.
113 lines
4.9 KiB
Plaintext
113 lines
4.9 KiB
Plaintext
# do not edit this file, it will be overwritten on update
|
|
|
|
# run a command on remove events
|
|
ACTION=="remove", ENV{REMOVE_CMD}!="", RUN+="$env{REMOVE_CMD}"
|
|
ACTION=="remove", GOTO="default_end"
|
|
|
|
SUBSYSTEM=="virtio-ports", KERNEL=="vport*", ATTR{name}=="?*", SYMLINK+="virtio-ports/$attr{name}"
|
|
|
|
# select "system RTC" or just use the first one
|
|
SUBSYSTEM=="rtc", ATTR{hctosys}=="1", SYMLINK+="rtc"
|
|
SUBSYSTEM=="rtc", KERNEL=="rtc0", SYMLINK+="rtc", OPTIONS+="link_priority=-100"
|
|
|
|
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb"
|
|
ENV{MODALIAS}!="", IMPORT{builtin}="hwdb --subsystem=$env{SUBSYSTEM}"
|
|
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", IMPORT{builtin}="hwdb 'usb:v$attr{idVendor}p$attr{idProduct}'"
|
|
|
|
ACTION!="add", GOTO="default_end"
|
|
|
|
SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
|
|
SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666"
|
|
SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620"
|
|
SUBSYSTEM=="tty", KERNEL=="sclp_line[0-9]*", GROUP="tty", MODE="0620"
|
|
SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620"
|
|
SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620"
|
|
SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
|
|
KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout"
|
|
|
|
SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
|
|
|
|
SUBSYSTEM=="input", GROUP="input"
|
|
SUBSYSTEM=="input", KERNEL=="js[0-9]*", MODE="0664"
|
|
|
|
SUBSYSTEM=="video4linux", GROUP="video"
|
|
SUBSYSTEM=="graphics", GROUP="video"
|
|
SUBSYSTEM=="drm", KERNEL!="renderD*", GROUP="video"
|
|
SUBSYSTEM=="dvb", GROUP="video"
|
|
SUBSYSTEM=="media", GROUP="video"
|
|
SUBSYSTEM=="cec", GROUP="video"
|
|
|
|
SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="{{GROUP_RENDER_MODE}}"
|
|
SUBSYSTEM=="kfd", GROUP="render", MODE="{{GROUP_RENDER_MODE}}"
|
|
|
|
SUBSYSTEM=="misc", KERNEL=="sgx_enclave", GROUP="sgx", MODE="0660"
|
|
SUBSYSTEM=="misc", KERNEL=="sgx_vepc", GROUP="sgx", MODE="0660"
|
|
|
|
# When using static_node= with non-default permissions, also update
|
|
# tmpfiles.d/static-nodes-permissions.conf.in to keep permissions synchronized.
|
|
|
|
SUBSYSTEM=="sound", GROUP="audio", \
|
|
OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
|
|
|
|
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", MODE="0664"
|
|
|
|
SUBSYSTEM=="firewire", TEST=="units", TEST=="model", \
|
|
IMPORT{builtin}="hwdb 'ieee1394:node:ven$attr{vendor}mo$attr{model}units$attr{units}'"
|
|
|
|
SUBSYSTEM=="firewire", TEST=="units", TEST!="model", \
|
|
IMPORT{builtin}="hwdb 'ieee1394:node:ven$attr{vendor}units$attr{units}'"
|
|
|
|
SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", GROUP="audio"
|
|
SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_AUDIO}=="1", GROUP="audio"
|
|
SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_VIDEO}=="1", GROUP="video"
|
|
|
|
KERNEL=="parport[0-9]*", GROUP="lp"
|
|
SUBSYSTEM=="printer", KERNEL=="lp*", GROUP="lp"
|
|
SUBSYSTEM=="ppdev", GROUP="lp"
|
|
KERNEL=="lp[0-9]*", GROUP="lp"
|
|
KERNEL=="irlpt[0-9]*", GROUP="lp"
|
|
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp"
|
|
|
|
SUBSYSTEM=="block", GROUP="disk"
|
|
SUBSYSTEM=="block", KERNEL=="sr[0-9]*", GROUP="cdrom"
|
|
SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", GROUP="cdrom"
|
|
KERNEL=="sch[0-9]*", GROUP="cdrom"
|
|
KERNEL=="pktcdvd[0-9]*", GROUP="cdrom"
|
|
KERNEL=="pktcdvd", GROUP="cdrom"
|
|
|
|
SUBSYSTEM=="scsi_generic|scsi_tape", SUBSYSTEMS=="scsi", ATTRS{type}=="1|8", GROUP="tape"
|
|
SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="0", GROUP="disk"
|
|
KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|nrawqft[0-9]*", GROUP="disk"
|
|
KERNEL=="loop-control", GROUP="disk", OPTIONS+="static_node=loop-control"
|
|
KERNEL=="btrfs-control", GROUP="disk"
|
|
KERNEL=="rawctl", GROUP="disk"
|
|
SUBSYSTEM=="raw", KERNEL=="raw[0-9]*", GROUP="disk"
|
|
SUBSYSTEM=="aoe", GROUP="disk", MODE="0220"
|
|
SUBSYSTEM=="aoe", KERNEL=="err", MODE="0440"
|
|
|
|
KERNEL=="rfkill", MODE="0664"
|
|
KERNEL=="tun", MODE="0666", OPTIONS+="static_node=net/tun"
|
|
|
|
KERNEL=="fuse", MODE="0666", OPTIONS+="static_node=fuse"
|
|
|
|
# The static_node is required on s390x and ppc (they are using MODULE_ALIAS)
|
|
KERNEL=="kvm", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node=kvm"
|
|
|
|
KERNEL=="vfio", MODE="0666", OPTIONS+="static_node=vfio/vfio"
|
|
|
|
KERNEL=="vsock", MODE="0666"
|
|
KERNEL=="vhost-vsock", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node=vhost-vsock"
|
|
|
|
KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node=vhost-net"
|
|
|
|
KERNEL=="udmabuf", GROUP="kvm"
|
|
|
|
SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK += "ptp_kvm"
|
|
|
|
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
|
|
|
|
SUBSYSTEM=="dmi", ENV{ID_SYSFS_ATTRIBUTE_MODEL}=="", ENV{ID_VENDOR}="$attr{sys_vendor}", ENV{ID_MODEL}="$attr{product_name}"
|
|
SUBSYSTEM=="dmi", ENV{ID_SYSFS_ATTRIBUTE_MODEL}=="product_version", ENV{ID_VENDOR}="$attr{sys_vendor}", ENV{ID_MODEL}="$attr{product_version}"
|
|
|
|
LABEL="default_end"
|