fix: update wooting rules by castrojo · ...

B

bsherman•5/15/23, 4:53 AM

@Arcitec lets discuss here

B

bsherman•5/15/23, 4:53 AM

so the PR there needs updating

A

Arcitec•5/15/23, 4:53 AM

Yeah. Reading. This is a long standing issue of some kind?

B

bsherman•5/15/23, 4:53 AM

not really, but a bit

B

bsherman•5/15/23, 4:54 AM

basically in reviewing this PR i realized it's odd that all those udev rules expect the user to be in

wheel

wheel

wheel

wheel group

B

bsherman•5/15/23, 4:54 AM

that doesn't work if you have non-admin users

B

bsherman•5/15/23, 4:54 AM

but that led me to think about

input

input

input

input group and other stuff... which users are not in by default on Silverblue

B

bsherman•5/15/23, 4:54 AM

so, the new lines of this PR are all merged... but not the changed groups

A

Arcitec•5/15/23, 4:56 AM

Ahh. I will check it in more detail when I wake up (getting close to bed). But adding users to an extra group sounds doable.

B

bsherman•5/15/23, 4:56 AM

yeah, it's doable, just needs to be done right

A

Arcitec•5/15/23, 4:56 AM

We're interested in

input

input

input

input for all the device rules, or

wheel

wheel

wheel

wheel too?

A

Arcitec•5/15/23, 4:56 AM

no... that was a tired question

A

Arcitec•5/15/23, 4:56 AM

Not wheel, of course.

B

bsherman•5/15/23, 4:56 AM

not wheel

B

bsherman•5/15/23, 4:57 AM

probably

input

input

input

input is a decent choice as one could expect non-admin users to be part of it... i think they are by default on Fedora Workstation (need to check)

A

Arcitec•5/15/23, 4:57 AM

Yeah. The hard part is how to modify existing users on a system after a rebase.

B

bsherman•5/15/23, 4:57 AM

on Ubuntu, i think they use

plugdev

plugdev

plugdev

plugdev but that's less common in RedHat/Fedora land

A

Arcitec•5/15/23, 4:57 AM

Default groups are really easy, I think. For new users.

B

bsherman•5/15/23, 4:58 AM

it may be enough to set new defaults in the

main

main

image... maybe as part of a

config

config

config

config generated RPM and have some docs an an announcement for existing users on how to take advantage

A

Arcitec•5/15/23, 4:58 AM

Btw just to check, is the

input

input

input

input group adding the main problem? Or are there other things to worry about too?

B

bsherman•5/15/23, 4:59 AM

i think the

input

input

input

input group is the issue...

1) it DOES exist somewhere on the silverblue system
2) users are NOT currently part of it by default
3) we want them to be
4) how to add existing users to it
5) then change the udev rules to use

input

input

input

input for controllers/keyboards/etc

A

Arcitec•5/15/23, 5:00 AM

How about if we update a default file to make all new users part of

input

input

input

input (includes people who install via ISO), and tell "rebasing users" to run a command (similar to how nvidia rebasers must run a

rpm-ostree kargs

rpm-ostree kargs

rpm-ostree kargs

rpm-ostree kargs).

A

Arcitec•5/15/23, 5:00 AM

Alternatively we can go all the way and make some kind of systemd script that runs as root at every startup, loops all users and ensures they are part of

input

input

input

input.

B

bsherman•5/15/23, 5:01 AM

i mean, investigate, it COULD be argued its a bug in Silverblue/rpm-ostree system depending on the core issue

A

Arcitec•5/15/23, 5:01 AM

I am on Fedora Workstation 36->37->38 host system atm, and I am in:

$ groups
johnny wheel mock pkg-build libvirt

$ groups
johnny wheel mock pkg-build libvirt

$ groups
johnny wheel mock pkg-build libvirt

$ groups
johnny wheel mock pkg-build libvirt

A

Arcitec•5/15/23, 5:02 AM

So "input" is nowhere to be seen here either.

B

bsherman•5/15/23, 5:02 AM

well, maybe it's not default then

A

Arcitec•5/15/23, 5:02 AM

Yeah I did upgrades but I started on 36 so it wasn't long ago.

B

bsherman•5/15/23, 5:03 AM

but we need a solution... it seems wrong that a dad (me) can't let his kids use a controller properly in our udev-rules without granting wheel

B

bsherman•5/15/23, 5:03 AM

it's weird to me that we aren't even in a

users

users

group anymore

A

Arcitec•5/15/23, 5:04 AM

Yeah. I remember hearing about this

input

input

input

input group in other discussions. I think the udev rules have some "group=input or wheel", from my vague memory.

A

Arcitec•5/15/23, 5:04 AM

So if that's the case then all they need is input.

B

bsherman•5/15/23, 5:04 AM

that's an option too! if we can do an OR in the group, then we can just offer documentation for "if you want this for non-admins, add them to

input

input

input

input group"

B

bsherman•5/15/23, 5:05 AM

i don't know how to do "group X or Y" in udev rules though

A

Arcitec•5/15/23, 5:05 AM

Hmm, steam's own rules don't do this:

 ~  cat /usr/lib/udev/rules.d/60-steam-input.rules | grep input
KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", OPTIONS+="static_node=uinput"
KERNEL=="input*", ATTRS{name}=="Lic Pro Controller", RUN{program}+="/bin/sh -c 'udevadm test-builtin uaccess /sys/%p/../../hidraw/hidraw*'"
 ~  cat /usr/lib/udev/rules.d/60-steam-input.rules | grep wheel
 ✘  ~ 

 ~  cat /usr/lib/udev/rules.d/60-steam-input.rules | grep input
KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", OPTIONS+="static_node=uinput"
KERNEL=="input*", ATTRS{name}=="Lic Pro Controller", RUN{program}+="/bin/sh -c 'udevadm test-builtin uaccess /sys/%p/../../hidraw/hidraw*'"
 ~  cat /usr/lib/udev/rules.d/60-steam-input.rules | grep wheel
 ✘  ~ 

 ~  cat /usr/lib/udev/rules.d/60-steam-input.rules | grep input
KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", OPTIONS+="static_node=uinput"
KERNEL=="input*", ATTRS{name}=="Lic Pro Controller", RUN{program}+="/bin/sh -c 'udevadm test-builtin uaccess /sys/%p/../../hidraw/hidraw*'"
 ~  cat /usr/lib/udev/rules.d/60-steam-input.rules | grep wheel
 ✘  ~ 

 ~  cat /usr/lib/udev/rules.d/60-steam-input.rules | grep input
KERNEL=="uinput", SUBSYSTEM=="misc", TAG+="uaccess", OPTIONS+="static_node=uinput"
KERNEL=="input*", ATTRS{name}=="Lic Pro Controller", RUN{program}+="/bin/sh -c 'udevadm test-builtin uaccess /sys/%p/../../hidraw/hidraw*'"
 ~  cat /usr/lib/udev/rules.d/60-steam-input.rules | grep wheel
 ✘  ~ 

They seem to just open it up to every user. I'll investigate more tomorrow what the

input

input

input

input group is from. I am guessing it's specified in the udev files we're using.

B

bsherman•5/15/23, 5:06 AM

nope

B

bsherman•5/15/23, 5:06 AM

look at...

B

bsherman•5/15/23, 5:07 AM

80-wooting.rules

80-wooting.rules

80-wooting.rules

80-wooting.rules

B

bsherman•5/15/23, 5:07 AM

i hadn't looked closely

B

bsherman•5/15/23, 5:07 AM

thankfully, that looks to be the only problematic file!

A

Arcitec•5/15/23, 5:08 AM

Checking...

A

Arcitec•5/15/23, 5:09 AM

Ah yeah. So this file is saying "user must be in ~~wheel~~ input to get access".

A

Arcitec•5/15/23, 5:09 AM

It makes sense now. But I wonder what the implications are of doing what steam-devices udev rules did: No group.

B

bsherman•5/15/23, 5:09 AM

so the upstream for that file (where the PR content was source from) changed that from wheel to input

B

bsherman•5/15/23, 5:09 AM

and, added some new lines

B

bsherman•5/15/23, 5:09 AM

so that's where this came from and why i was looking

A

Arcitec•5/15/23, 5:09 AM

I'll show you what Valve did.

B

bsherman•5/15/23, 5:10 AM

but i didn't dig deep enough to see that our other things aren't impacted, which is great

A

Arcitec•5/15/23, 5:10 AM

https://pb.envs.net/?a7d37687b9d53a8b#CcUQRXKewZJ19b7ajpYY1za3uWWUnu1orDsHmrMhdejV

A

Arcitec•5/15/23, 5:10 AM

What about we switch to this method instead? Any security issues?

fix: update wooting rules by castrojo · ...

Similar Threads

Similar Threads

Similar Threads