From 96ec6148bf1865b4fb1f3056106c7a08b7e504b5 Mon Sep 17 00:00:00 2001 From: Donald Buczek Date: Fri, 19 Feb 2021 14:46:01 +0100 Subject: [PATCH] Remove 51-mariux udev rules file The rules in this file want to make sound, video and cdrom devices available to the locally logged in user by setting the device files to mode 0666, which in fact makes these available to all users. This is a privacy problem when applied to sound, input and video devices. However, this is unnecessary, as the access for the locally logged in user is already managed by udev and logind. The whole processes is more or less undocumented [1] Relevant rules files are /lib/udev/rules.d/70-uaccess.rules /lib/udev/rules.d/71-seat.rules /lib/udev/rules.d/83-seat-late.rules In the end, either the udev uaccess build [2] or logind [3] set a acl to the relevant device files so that the local user can access it. Remove the local rule file. [1] https://github.com/systemd/systemd/issues/4288 [2] https://github.com/systemd/systemd/blob/4d484e14bb9864cef1d124885e625f33bf31e91c/src/udev/udev-builtin-uaccess.c#L51 [3] https://github.com/systemd/systemd/blob/4d484e14bb9864cef1d124885e625f33bf31e91c/src/login/logind-seat.c#L216 --- install.sh | 1 - misc_etc_files/udev/rules.d/51-mariux.rules | 3 --- 2 files changed, 4 deletions(-) delete mode 100644 misc_etc_files/udev/rules.d/51-mariux.rules
diff --git a/install.sh b/install.sh
index 8b16432..2d2e955 100755
--- a/install.sh
+++ b/install.sh
@@ -208,7 +208,6 @@ install_symlink /usr/bin/prun "$DESTDIR$usrlocal_pre
 install_symlink /usr/bin/ptype "$DESTDIR$usrlocal_prefix/package/bin/ptype"
 install_symlink /usr/bin/pman "$DESTDIR$usrlocal_prefix/package/bin/pman"
 install_data misc_etc_files/sysctl.conf "$DESTDIR$sysconfdir/sysctl.conf"
-install_data misc_etc_files/udev/rules.d/51-mariux.rules "$DESTDIR$sysconfdir/udev/rules.d/51-mariux.rules"
 install_data misc_systemd_units/reboot-notify.service "$DESTDIR$systemdunitdir/reboot-notify.service"
 postinstall
 
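Review bot: Removing the `install_data` line for `51-mariux.rules` only stops new installs from shipping the rule; nothing visible in this hunk deletes a copy already present at `$DESTDIR$sysconfdir/udev/rules.d/51-mariux.rules` on hosts provisioned earlier, so the world-accessible 0666 modes would remain in effect there. Unless `install_data` or `postinstall` (both defined outside this hunk) prune obsolete files, consider an explicit cleanup where the line was removed, for example `rm -f -- "$DESTDIR$sysconfdir/udev/rules.d/51-mariux.rules"`. Existing device nodes likely keep their current mode until udev re-evaluates them, so the rollout should also include `udevadm control --reload` followed by `udevadm trigger`, or a reboot, and a spot check of the modes and ACLs on the sound and video4linux nodes afterwards.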
diff --git a/misc_etc_files/udev/rules.d/51-mariux.rules b/misc_etc_files/udev/rules.d/51-mariux.rules
deleted file mode 100644
index 3e2b9f8..0000000
--- a/misc_etc_files/udev/rules.d/51-mariux.rules
+++ /dev/null
@@ -1,3 +0,0 @@
-SUBSYSTEM=="sound", MODE="0666", GROUP="audio"
-SUBSYSTEM=="video4linux", MODE="0666", GROUP="video"
-SUBSYSTEM=="block", KERNEL=="sr[0-9]*", MODE="0666", GROUP="cdrom"