homed: allow systemd-homed access to FIDO2 devices

Add DeviceAllow= option for FIDO2 devices in systemd-homed.service. (cherry picked from commit 85e424c0c852fcb92d108494a6efa9dd0ce943b2) (cherry picked from commit 727a03e4826efe1392b8a1899b220e7df7976990)
author: Gibeom Gwon <gb.gwon@stackframe.dev> 2021-07-13 02:57:43 +0900
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2021-07-20 14:45:13 +0200
commit: fa55162f224c0ebe1ccd3fa9692cccf2a0dcb1d0 (patch)
tree: 66d54cb0e28b196ed223f27f5458ea2714c0d68f
parent: ee0cf3ef6f522ee084ed987593f55c6c32097619 (diff)
download: systemd-fa55162f224c0ebe1ccd3fa9692cccf2a0dcb1d0.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in
index 5ac53ca9dc..0b0b238a1f 100644
--- a/units/systemd-homed.service.in
+++ b/units/systemd-homed.service.in
@@ -21,6 +21,7 @@ DeviceAllow=/dev/loop-control rw
 DeviceAllow=/dev/mapper/control rw
 DeviceAllow=block-* rw
 ExecStart=@rootlibexecdir@/systemd-homed
+DeviceAllow=char-hidraw rw
 IPAddressDeny=any
 KillMode=mixed
 LimitNOFILE=@HIGH_RLIMIT_NOFILE@
author	Gibeom Gwon <gb.gwon@stackframe.dev>	2021-07-13 02:57:43 +0900
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2021-07-20 14:45:13 +0200
commit	fa55162f224c0ebe1ccd3fa9692cccf2a0dcb1d0 (patch)
tree	66d54cb0e28b196ed223f27f5458ea2714c0d68f
parent	ee0cf3ef6f522ee084ed987593f55c6c32097619 (diff)
download	systemd-fa55162f224c0ebe1ccd3fa9692cccf2a0dcb1d0.tar.gz