diff mbox series

[langdale,17/27] systemd: add group sgx to udev package

Message ID 73abbc8b7069ddaf9bdacabc3c4e027dd9579807.1678401759.git.steve@sakoman.com
State New
Headers show
Series [langdale,01/27] tiff: fix multiple CVEs | expand

Commit Message

Steve Sakoman March 9, 2023, 10:57 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

>From NEWS for v250:
* Device nodes for the Software Guard eXtension enclaves (sgx_vepc) are
  now also owned by the system group "sgx".

>From NEWS for v248:
* Intel SGX enclave device nodes (which expose a security feature of
  newer Intel CPUs) will now be owned by a new system group "sgx".

Fixes following journal error entry during startup:
  /lib/udev/rules.d/50-udev-default.rules:43 Unknown group 'sgx', ignoring
This is seen already on kirkstone.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bab455cd9b1b82e778f8523a767eb281edf6689e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 meta-selftest/files/static-group           | 1 +
 meta/recipes-core/systemd/systemd_251.8.bb | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff mbox series


diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group
index b13dde3218..cbec6f1377 100644
--- a/meta-selftest/files/static-group
+++ b/meta-selftest/files/static-group
@@ -24,3 +24,4 @@  weston-launch:x:524:
diff --git a/meta/recipes-core/systemd/systemd_251.8.bb b/meta/recipes-core/systemd/systemd_251.8.bb
index 8f2fb90455..3c87e71485 100644
--- a/meta/recipes-core/systemd/systemd_251.8.bb
+++ b/meta/recipes-core/systemd/systemd_251.8.bb
@@ -401,7 +401,7 @@  USERADD_PACKAGES = "${PN} ${PN}-extra-utils \
                     ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \
 GROUPADD_PARAM:${PN} = "-r systemd-journal;"
-GROUPADD_PARAM:udev = "-r render"
+GROUPADD_PARAM:udev = "-r render;-r sgx;"
 GROUPADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}"
 USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"