homed: allow systemd-homed access to FIDO2 devices

Add DeviceAllow= option for FIDO2 devices in systemd-homed.service.
author: Gibeom Gwon <gb.gwon@stackframe.dev> 2021-07-13 02:57:43 +0900
committer: Luca Boccassi <luca.boccassi@gmail.com> 2021-07-12 23:35:32 +0100
commit: 85e424c0c852fcb92d108494a6efa9dd0ce943b2 (patch)
tree: 4b047aea306eb6c826ec1c600a6525bd47215b62 /units
parent: 8b213bf12eb59e4ce5365fdbbc36e42ec037107b (diff)
download: systemd-85e424c0c852fcb92d108494a6efa9dd0ce943b2.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in
index 678bbab65c..0576f84697 100644
--- a/units/systemd-homed.service.in
+++ b/units/systemd-homed.service.in
@@ -20,6 +20,7 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FS
 DeviceAllow=/dev/loop-control rw
 DeviceAllow=/dev/mapper/control rw
 DeviceAllow=block-* rw
+DeviceAllow=char-hidraw rw
 ExecStart={{ROOTLIBEXECDIR}}/systemd-homed
 IPAddressDeny=any
 KillMode=mixed
author	Gibeom Gwon <gb.gwon@stackframe.dev>	2021-07-13 02:57:43 +0900
committer	Luca Boccassi <luca.boccassi@gmail.com>	2021-07-12 23:35:32 +0100
commit	85e424c0c852fcb92d108494a6efa9dd0ce943b2 (patch)
tree	4b047aea306eb6c826ec1c600a6525bd47215b62 /units
parent	8b213bf12eb59e4ce5365fdbbc36e42ec037107b (diff)
download	systemd-85e424c0c852fcb92d108494a6efa9dd0ce943b2.tar.gz