diff options
author | Rusty Bird <rustybird@openmailbox.org> | 2016-07-15 18:47:42 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-07-15 18:47:42 +0200 |
commit | 542127ea96de4b0e22fbb0fc872d80406e068e36 (patch) | |
tree | 1cfb6ff0e1b1f06a6d6b76feec7752697e906ed5 /rules | |
parent | tree-wide: get rid of selinux_context_t (#3732) (diff) | |
download | systemd-542127ea96de4b0e22fbb0fc872d80406e068e36.tar.xz systemd-542127ea96de4b0e22fbb0fc872d80406e068e36.zip |
rules: UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG property (#3714)
Sometimes, the persistent storage rules should be skipped for a subset
of devices. For example, the Qubes operating system prevents dom0 from
parsing untrusted block device content (such as filesystem metadata) by
shipping a custom 60-persistent-storage.rules, patched to bail out early
if the device name matches a hardcoded pattern.
As a less brittle and more flexible alternative, this commit adds a line
to the two relevant .rules files which makes them test the value of the
UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG device property, modeled
after the various DM_UDEV_DISABLE_*_RULES_FLAG properties.
Diffstat (limited to 'rules')
-rw-r--r-- | rules/60-persistent-storage-tape.rules | 1 | ||||
-rw-r--r-- | rules/60-persistent-storage.rules | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/rules/60-persistent-storage-tape.rules b/rules/60-persistent-storage-tape.rules index f2eabd92a8..b604864ee8 100644 --- a/rules/60-persistent-storage-tape.rules +++ b/rules/60-persistent-storage-tape.rules @@ -3,6 +3,7 @@ # persistent storage links: /dev/tape/{by-id,by-path} ACTION=="remove", GOTO="persistent_storage_tape_end" +ENV{UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG}=="1", GOTO="persistent_storage_tape_end" # type 8 devices are "Medium Changers" SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="8", IMPORT{program}="scsi_id --sg-version=3 --export --whitelisted -d $devnode", \ diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules index dbf10b286f..d7bbbf9866 100644 --- a/rules/60-persistent-storage.rules +++ b/rules/60-persistent-storage.rules @@ -4,6 +4,7 @@ # scheme based on "Linux persistent device names", 2004, Hannes Reinecke <hare@suse.de> ACTION=="remove", GOTO="persistent_storage_end" +ENV{UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG}=="1", GOTO="persistent_storage_end" SUBSYSTEM!="block", GOTO="persistent_storage_end" KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|scm*|pmem*", GOTO="persistent_storage_end" |