Date: Mon, 15 Jun 2026 15:05:10 +0000 From: Christos Margiolis <christos@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: a6aa95eba6ee - main - sound: Create all device nodes with GID_AUDIO Message-ID: <6a3014a6.3c151.59eed2c6@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by christos: URL: https://cgit.FreeBSD.org/src/commit/?id=a6aa95eba6ee2dd199d6cb8063dbaccd8a6f7512 commit a6aa95eba6ee2dd199d6cb8063dbaccd8a6f7512 Author: Christos Margiolis <christos@FreeBSD.org> AuthorDate: 2026-05-21 18:03:31 +0000 Commit: Christos Margiolis <christos@FreeBSD.org> CommitDate: 2026-06-15 15:03:48 +0000 sound: Create all device nodes with GID_AUDIO Commit 6024e3f99a1e ("Add audio group") introduced GID_AUDIO, initially for virtual_oss(8) loopback devices. Now make all of them with GID_AUDIO. Relnotes: yes Sponsored by: The FreeBSD Foundation Reviewed by: emaste Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/35 --- UPDATING | 3 +++ share/man/man4/pcm.4 | 11 +++++++-- sys/dev/sound/midi/midi.c | 2 +- sys/dev/sound/pci/emu10kx.c | 2 +- sys/dev/sound/pcm/dsp.c | 4 +-- sys/dev/sound/pcm/mixer.c | 2 +- sys/dev/sound/sndstat.c | 2 +- sys/dev/sound/usb/uaudio.c | 2 +- usr.sbin/virtual_oss/virtual_oss/main.c | 34 ++++++++++---------------- usr.sbin/virtual_oss/virtual_oss/virtual_oss.8 | 8 +++--- 10 files changed, 35 insertions(+), 35 deletions(-) diff --git a/UPDATING b/UPDATING index 58d12856c581..a83925a811a4 100644 --- a/UPDATING +++ b/UPDATING @@ -27,6 +27,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 16.x IS SLOW: world, or to merely disable the most expensive debugging functionality at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20260521: + Audio devices are now created with GID 43 / audio. You will need to add + users who need access to audio devices to this group. 20260512: "bsdinstall script" will now do a pkgbase installation by default. To revert to the legacy distset installation, set "DISTRIBUTIONS" in diff --git a/share/man/man4/pcm.4 b/share/man/man4/pcm.4 index 9ea0f14c3930..181b2120c2e6 100644 --- a/share/man/man4/pcm.4 +++ b/share/man/man4/pcm.4 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd May 15, 2026 +.Dd May 21, 2026 .Dt SOUND 4 .Os .Sh NAME @@ -559,6 +559,12 @@ Additional messages are sometimes recorded when the device is probed and attached, these messages can be viewed with the .Xr dmesg 8 utility. +.Pp +Users have to be part of the audio group in order to access any device node +created by +.Nm , +as well as the device drivers, and +.Xr virtual_oss 8 . .Sh EXAMPLES Use the sound metadriver to load all .Nm @@ -625,7 +631,8 @@ A device node is not created properly. .Xr dmesg 8 , .Xr kldload 8 , .Xr mixer 8 , -.Xr sysctl 8 +.Xr sysctl 8 , +.Xr virtual_oss 8 .Rs .%T "Cookbook formulae for audio EQ biquad filter coefficients (Audio-EQ-Cookbook.txt), by Robert Bristow-Johnson" .%U "https://www.musicdsp.org/en/latest/Filters/197-rbj-audio-eq-cookbook.html" diff --git a/sys/dev/sound/midi/midi.c b/sys/dev/sound/midi/midi.c index e70f76a44ed9..9a19b0bc2e30 100644 --- a/sys/dev/sound/midi/midi.c +++ b/sys/dev/sound/midi/midi.c @@ -143,7 +143,7 @@ midi_init(kobj_class_t cls, void *cookie) mtx_unlock(&m->lock); - m->dev = make_dev(&midi_cdevsw, m->unit, UID_ROOT, GID_WHEEL, 0666, + m->dev = make_dev(&midi_cdevsw, m->unit, UID_ROOT, GID_AUDIO, 0660, "midi%d.%d", m->unit, m->channel); m->dev->si_drv1 = m; diff --git a/sys/dev/sound/pci/emu10kx.c b/sys/dev/sound/pci/emu10kx.c index 9cd7dbca1cb2..582006e001c2 100644 --- a/sys/dev/sound/pci/emu10kx.c +++ b/sys/dev/sound/pci/emu10kx.c @@ -2312,7 +2312,7 @@ emu10kx_dev_init(struct emu_sc_info *sc) mtx_init(&sc->emu10kx_lock, device_get_nameunit(sc->dev), "kxdevlock", 0); unit = device_get_unit(sc->dev); - sc->cdev = make_dev(&emu10kx_cdevsw, unit, UID_ROOT, GID_WHEEL, 0640, "emu10kx%d", unit); + sc->cdev = make_dev(&emu10kx_cdevsw, unit, UID_ROOT, GID_AUDIO, 0640, "emu10kx%d", unit); if (sc->cdev != NULL) { sc->cdev->si_drv1 = sc; return (0); diff --git a/sys/dev/sound/pcm/dsp.c b/sys/dev/sound/pcm/dsp.c index 089e193ee8b4..05fdc18e31f8 100644 --- a/sys/dev/sound/pcm/dsp.c +++ b/sys/dev/sound/pcm/dsp.c @@ -122,8 +122,8 @@ dsp_make_dev(device_t dev) make_dev_args_init(&devargs); devargs.mda_devsw = &dsp_cdevsw; devargs.mda_uid = UID_ROOT; - devargs.mda_gid = GID_WHEEL; - devargs.mda_mode = 0666; + devargs.mda_gid = GID_AUDIO; + devargs.mda_mode = 0660; devargs.mda_si_drv1 = sc; err = make_dev_s(&devargs, &sc->dsp_dev, "dsp%d", unit); if (err != 0) { diff --git a/sys/dev/sound/pcm/mixer.c b/sys/dev/sound/pcm/mixer.c index 3ddee24417cc..1d74af76b757 100644 --- a/sys/dev/sound/pcm/mixer.c +++ b/sys/dev/sound/pcm/mixer.c @@ -646,7 +646,7 @@ mixer_init(device_t dev, kobj_class_t cls, void *devinfo) mixer_setrecsrc(m, 0); /* Set default input. */ - pdev = make_dev(&mixer_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666, "mixer%d", + pdev = make_dev(&mixer_cdevsw, 0, UID_ROOT, GID_AUDIO, 0660, "mixer%d", unit); pdev->si_drv1 = m; snddev->mixer_dev = pdev; diff --git a/sys/dev/sound/sndstat.c b/sys/dev/sound/sndstat.c index c28a932c784e..68902012563e 100644 --- a/sys/dev/sound/sndstat.c +++ b/sys/dev/sound/sndstat.c @@ -1437,7 +1437,7 @@ static void sndstat_sysinit(void *p) { sx_init(&sndstat_lock, "sndstat lock"); - sndstat_dev = make_dev(&sndstat_cdevsw, 0, UID_ROOT, GID_WHEEL, 0644, + sndstat_dev = make_dev(&sndstat_cdevsw, 0, UID_ROOT, GID_AUDIO, 0640, "sndstat"); } SYSINIT(sndstat_sysinit, SI_SUB_DRIVERS, SI_ORDER_FIRST, sndstat_sysinit, NULL); diff --git a/sys/dev/sound/usb/uaudio.c b/sys/dev/sound/usb/uaudio.c index eedd52774b70..4072c8138cea 100644 --- a/sys/dev/sound/usb/uaudio.c +++ b/sys/dev/sound/usb/uaudio.c @@ -6049,7 +6049,7 @@ umidi_attach(device_t dev) error = usb_fifo_attach(sc->sc_udev, chan, &chan->mtx, &umidi_fifo_methods, &sub->fifo, unit, n, chan->iface_index, - UID_ROOT, GID_OPERATOR, 0666); + UID_ROOT, GID_AUDIO, 0660); if (error) { goto detach; } diff --git a/usr.sbin/virtual_oss/virtual_oss/main.c b/usr.sbin/virtual_oss/virtual_oss/main.c index 5b50f8e5ef6c..1b03e2c8cf37 100644 --- a/usr.sbin/virtual_oss/virtual_oss/main.c +++ b/usr.sbin/virtual_oss/virtual_oss/main.c @@ -1642,6 +1642,9 @@ static int voss_ntds; static pthread_t *voss_tds; static int voss_fd_sta = -1; +static gid_t voss_gid; +static int voss_perm = 0660; + /* XXX I do not like the prefix argument... */ static struct voss_backend * voss_load_backend(const char *prefix, const char *name, const char *dir) @@ -1874,25 +1877,8 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute, { vprofile_t *ptr; struct cuse_dev *pdev; - struct group *gr; const char *errstr; - gid_t gid; - int x, perm; - - if (!is_client) { - /* - * Loopback devices can be used only by users who part of the - * audio group, to avoid unintended snooping by unprivileged - * users. - */ - if ((gr = getgrnam("audio")) == NULL) - return ("getgrnam() failed"); - gid = gr->gr_gid; - perm = 0660; - } else { - gid = 0; - perm = 0666; - } + int x; rx_mute = rx_mute ? 1 : 0; tx_mute = tx_mute ? 1 : 0; @@ -1945,7 +1931,7 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute, /* create DSP character device */ pdev = cuse_dev_create(&vclient_oss_methods, ptr, NULL, - 0, gid, perm, ptr->oss_name); + 0, voss_gid, voss_perm, ptr->oss_name); if (pdev == NULL) { errstr = "Could not create CUSE DSP device"; goto err; @@ -1964,7 +1950,7 @@ dup_profile(vprofile_t *pvp, int *pamp, int pol, int rx_mute, /* create WAV device */ if (ptr->wav_name[0] != 0) { pdev = cuse_dev_create(&vclient_wav_methods, ptr, NULL, - 0, gid, perm, ptr->wav_name); + 0, voss_gid, voss_perm, ptr->wav_name); if (pdev == NULL) { errstr = "Could not create CUSE WAV device"; goto err; @@ -2581,6 +2567,12 @@ main(int argc, char **argv) struct sigaction sa; struct cuse_dev *pdev = NULL; struct virtual_profile *pvp; + struct group *gr; + + /* Devices can be used only by users who part of the audio group. */ + if ((gr = getgrnam("audio")) == NULL) + err(EX_USAGE, "getgrnam"); + voss_gid = gr->gr_gid; TAILQ_INIT(&virtual_profile_client_head); TAILQ_INIT(&virtual_profile_loopback_head); @@ -2650,7 +2642,7 @@ main(int argc, char **argv) if (voss_ctl_device[0] != 0) { pdev = cuse_dev_create(&vctl_methods, NULL, NULL, - 0, 0, 0666, voss_ctl_device); + 0, voss_gid, voss_perm, voss_ctl_device); if (pdev == NULL) errx(EX_USAGE, "Could not create '/dev/%s'", voss_ctl_device); diff --git a/usr.sbin/virtual_oss/virtual_oss/virtual_oss.8 b/usr.sbin/virtual_oss/virtual_oss/virtual_oss.8 index b9dc8fd86a3c..4db4492a0842 100644 --- a/usr.sbin/virtual_oss/virtual_oss/virtual_oss.8 +++ b/usr.sbin/virtual_oss/virtual_oss/virtual_oss.8 @@ -23,7 +23,7 @@ .\" SUCH DAMAGE. .\" .\" -.Dd May 7, 2026 +.Dd May 21, 2026 .Dt VIRTUAL_OSS 8 .Os .Sh NAME @@ -162,8 +162,6 @@ This option should be specified before the -d and -l options. Create an OSS device by given name. .It Fl l Ar name Create a loopback OSS device by given name. -Users have to be part of the audio group to access this device. -This is a security measure to avoid unintended snooping by unprivileged users. .It Fl L Ar name Create a loopback OSS device which acts as a master device. This option is used in conjunction with -f /dev/null . @@ -328,8 +326,8 @@ virtual_oss -S -b 16 -C 2 -c 2 -r 48000 -s 4ms \\ -f /dev/sndio/default -d dsp .Ed .Sh NOTES -All character devices are created using the 0666 mode which gives -everyone in the system access. +Users have to be part of the audio group to access any device node created by +.Nm . .Sh SEE ALSO .Xr cuse 3 , .Xr sound 4 ,home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a3014a6.3c151.59eed2c6>