Allow fprintd suspend/resume #840
Benjamin Berg ***@***.***> writes:
fprintd 1.94.0 is getting support for suspend/resume. This requires more permissions:
* logind inhibitor API (org.freedesktop.login1.Inhibit call and the associated FD passing)
* power/persist and power/wakeup sysfs attributes for USB devices
Note that we could unconditionally turn off power/persist. But it does make sense to runtime-configure
wakeup (as there is no point in having USB wakeup enabled in the kernel unless really needed).
Aug 20 04:59:16 fedora audit[17453]: AVC avc: denied { write } for pid=17453 comm="fprintd" name="wakeup" dev="sysfs" ino=28290 scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
Aug 20 04:59:16 fedora fprintd[17453]: 3658960783: ../libfprint/drivers/synaptics/synaptics.c:1225
Aug 20 04:59:16 fedora audit[17453]: AVC avc: denied { write } for pid=17453 comm="gdbus" path="/run/systemd/inhibit/78.ref" dev="tmpfs" ino=2616 scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file permissive=1
Not sure why only power/wakeup shows up here, power/persist is also written.
It is in permissive mode and the event is the same; SELinux does not log
duplicate AVC denials when in permissive mode to avoid log flooding.
I would consider using genfscon to label those wakeup and persist files with a
private type if practical so that write access for fprintd can be granted to those two
files only and not the remainder of /sys.
…
fprintd will run fine without the change other than printing some warnings. However, the change allows new
features and should fix some problems around suspend/resume with fingerprint readers.
Note that testing requires fprintd/libfprint 1.94.0 (likely released very soon) and a synaptics prometheus
fingerprint reader right now (and will only fully work with S0ix/s2idle suspend rather than S3).
--
gpg --locate-keys ***@***.***
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
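
Added example, not part of the thread or of the project's policy: a small Python script that reduces the two AVC records quoted above to candidate allow rules and marks the one whose target is the generic `sysfs_t`, which is the rule the genfscon suggestion is meant to narrow. The `GENERIC_TYPES` set and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the thread above (journal prefix removed).
SAMPLE_LOG = """\
AVC avc: denied { write } for pid=17453 comm="fprintd" name="wakeup" dev="sysfs" ino=28290 scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
AVC avc: denied { write } for pid=17453 comm="gdbus" path="/run/systemd/inhibit/78.ref" dev="tmpfs" ino=2616 scontext=system_u:system_r:fprintd_t:s0 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file permissive=1
"""

# Assumption of this example: target types treated as "generic", meaning they
# label far more objects than the one named in the denial.
GENERIC_TYPES = {"sysfs_t"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)
OBJ_RE = re.compile(r'\b(?:name|path)="([^"]*)"')

def type_of(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    rules = defaultdict(lambda: {"perms": set(), "objects": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        key = (type_of(m["scontext"]), type_of(m["tcontext"]), m["tclass"])
        rules[key]["perms"].update(m["perms"].split())
        rules[key]["objects"].update(OBJ_RE.findall(line))
    return rules

def report(log_text):
    """Render each group as a candidate allow rule with a scope note."""
    out = []
    for (src, tgt, cls), info in sorted(summarize(log_text).items()):
        perms = " ".join(sorted(info["perms"]))
        scope = ("generic type, rule reaches beyond the logged object"
                 if tgt in GENERIC_TYPES else "dedicated type")
        out.append(f"allow {src} {tgt}:{cls} {{ {perms} }}; # {scope}: {sorted(info['objects'])}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
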
Ping? This is now happening a lot in Fedora 35 now that it's out. https://bugzilla.redhat.com/show_bug.cgi?id=2010925