18955 – HAL does not apply ACL on DRM device

Bug 18955 - HAL does not apply ACL on DRM device

Summary: HAL does not apply ACL on DRM device

Status:	RESOLVED FIXED

Alias:	None

Product:	hal
Classification:	Unclassified
Component:	misc (show other bugs)
Version:	unspecified
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	high normal
Assignee:	David Zeuthen (not reading bugmail)
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-12-08 09:27 UTC by Albert Damen
Modified:	2009-01-19 11:05 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments
hal-device output (886 bytes, text/plain) 2008-12-08 09:27 UTC, Albert Damen	Details
View All

Description Albert Damen 2008-12-08 09:27:29 UTC

Created attachment 20903 [details]
hal-device output

This bug was originally reported in Ubuntu at launchpad: https://bugs.launchpad.net/ubuntu/+source/hal/+bug/306014

hal version: 0.5.12~rc1
Ubuntu Jaunty (development release)

In Ubuntu performance of 3D graphics, like glxgears, has dropped significantly with libdrm 2.4.1. Investigation showed I did not have rw access to the DRM device /dev/dri/card0. Access rights were crw-rw----, owner root, group video.
I am not a member of the video group.

However, HAL is supposed to set an ACL on the DRM device. getfacl showed this was not done successfully.
$ sudo getfacl /dev/dri/card0
getfacl: Removing leading '/' from absolute path names
# file: dev/dri/card0
# owner: root
# group: video
user::rw-
group::rw-
other::---

Policy-kit showed console and active console should get access to the DRM device.
Console-kit showed a valid session for me.

Attached is the output of hal-find-by-capability --capability drm | xargs hal-device

/usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi contains:
    <match key="info.capabilities" contains="drm">
        <append key="info.capabilities" type="strlist">access_control</append>
        <merge key="access_control.file" type="copy_property">input.device</merge>
        <merge key="access_control.type" type="string">video</merge>
    </match>

(I found the same lines on git).
However, hal-device does not list the property input.device, so apparently the key access_control.file could not be set.

Replacing:
<merge key="access_control.file" type="copy_property">input.device</merge>
by:
<merge key="access_control.file" type="copy_property">linux.device_file</merge>

solved the problem for me. Now the ACL was applied and performance was back to normal:
$ sudo getfacl /dev/dri/card0
getfacl: Removing leading '/' from absolute path names
# file: dev/dri/card0
# owner: root
# group: video
user::rw-
user:albert:rw-
group::rw-
mask::rw-
other::---

I have an Intel GM965 Integrated Graphics Controller, pci-id 8086:2a02.
Kernel is 2.6.28-2-generic (based on 2.6.28-rc7). I got the same results with an older kernel, 2.6.27-7-generic.

NB: libdrm 2.4.1 is the first version in Ubuntu using udev. Older versions set permissions on /dev/dri/card0 in a different way.

Comment 1 Albert Damen 2009-01-19 11:05:55 UTC

author	Martin Pitt <martin.pitt@ubuntu.com>	2009-01-19 11:08:59 (GMT)
committer	Martin Pitt <martin.pitt@ubuntu.com>	2009-01-19 11:08:59 (GMT)
commit	93c3cff6ed9ce7378aa37ead8b37e0bc837d6bc0

fix auto ACL management for DRI

Fix copy&paste error which assigned the wrong access_control.file for /dev/drm/card* devices. It previously copied "input.device", but should be "linux.device_file".

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.