homed: allow systemd-homed access to FIDO2 devices

Add DeviceAllow= option for FIDO2 devices in systemd-homed.service.
2024-07-22 10:44:58 +00:00 · 2021-07-13 02:57:43 +09:00 · 2021-07-13 02:57:43 +09:00 · 85e424c0c8
parent 8b213bf12e
commit 85e424c0c8
1 changed files with 1 additions and 0 deletions
--- a/units/systemd-homed.service.in
+++ b/units/systemd-homed.service.in
@ -20,6 +20,7 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER CAP_FS
 DeviceAllow=/dev/loop-control rw
 DeviceAllow=/dev/mapper/control rw
 DeviceAllow=block-* rw
+DeviceAllow=char-hidraw rw
 ExecStart={{ROOTLIBEXECDIR}}/systemd-homed
 IPAddressDeny=any
 KillMode=mixed