Google Git
Sign in
cos / mirrors / cros / chromiumos / overlays / eclass-overlay / 0858fa8d5007be5223ed06471171ada019e55fa2^! / .
commit0858fa8d5007be5223ed06471171ada019e55fa2[log] [tgz]
authorChris Masone <cmasone@chromium.org>Tue Mar 11 16:44:54 2014 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Fri Mar 14 05:12:11 2014 +0000
tree08d8713f066e061411eee979d3e7f2f9b4e4639e
parent7a82bb23a8562fd251a5d9de2edae818a6731414 [diff]
Add comments from chromeos-base ebuild

There were explanatory comments in chromeos-base-0.ebuild
for many group memberships in CrOS. Pull those comments
into the new file-based DB so that we don't lose the info
when migrating to use enew{user,group} everywhere.

BUG=chromium:343369
TEST=build an image, to be sure the files parse

Change-Id: Ice68633361c3005884859123de189a68aded3e4c
Reviewed-on: https://chromium-review.googlesource.com/189612
Reviewed-by: Chris Masone <cmasone@chromium.org>
Tested-by: Chris Masone <cmasone@chromium.org>
Commit-Queue: Chris Masone <cmasone@chromium.org>

diff --git a/profiles/base/accounts/group/brltty b/profiles/base/accounts/group/brltty
index 81caa23..14effc3 100644
--- a/profiles/base/accounts/group/brltty
+++ b/profiles/base/accounts/group/brltty

@@ -1,3 +1,4 @@
 group:brltty
 gid:240
+# The browser needs to be able to speak to the braille subsystem.
 users:chronos

diff --git a/profiles/base/accounts/group/chronos-access b/profiles/base/accounts/group/chronos-access
index ee0ccd8..1cc1a65 100644
--- a/profiles/base/accounts/group/chronos-access
+++ b/profiles/base/accounts/group/chronos-access

@@ -1,3 +1,8 @@
 group:chronos-access
 gid:1001
+# Add a chronos-access group to provide non-chronos users,
+# mostly system daemons running as a non-chronos user, group permissions
+# to access files/directories owned by chronos.
+# This includes all users accessing opencryptoki database files and all users
+# we run FUSE-based filesystem daemons as.
 users:root,ipsec,chronos,ntfs-3g,avfs,fuse-exfat,chaps

diff --git a/profiles/base/accounts/group/cras b/profiles/base/accounts/group/cras
index a1c7634..4e0a0a2 100644
--- a/profiles/base/accounts/group/cras
+++ b/profiles/base/accounts/group/cras

@@ -1,3 +1,4 @@
 group:cras
 gid:220
+# The browser runs as chronos, and the power manager needs to check if audio is playing.
 users:chronos,power

diff --git a/profiles/base/accounts/group/devbroker-access b/profiles/base/accounts/group/devbroker-access
index 1e9cfb8..c764e32 100644
--- a/profiles/base/accounts/group/devbroker-access
+++ b/profiles/base/accounts/group/devbroker-access

@@ -1,3 +1,4 @@
 group:devbroker-access
 gid:403
+# So the browser can get brokered access to devices.
 users:chronos

diff --git a/profiles/base/accounts/group/i2c b/profiles/base/accounts/group/i2c
index bb6fadd..1851a0b 100644
--- a/profiles/base/accounts/group/i2c
+++ b/profiles/base/accounts/group/i2c

@@ -1,3 +1,5 @@
 group:i2c
 gid:404
+# Give the power manager access to I2C devices so it can adjust external
+# displays' brightness via DDC.
 users:power

diff --git a/profiles/base/accounts/group/input b/profiles/base/accounts/group/input
index 9d2b39b..ec27270 100644
--- a/profiles/base/accounts/group/input
+++ b/profiles/base/accounts/group/input

@@ -1,3 +1,6 @@
 group:input
 gid:222
+# cras needs access to /dev/input/event*
+# power manager needs to read from /dev/input/event* to observe power
+# button and lid events.
 users:cras,xorg,power

diff --git a/profiles/base/accounts/group/pkcs11 b/profiles/base/accounts/group/pkcs11
index bdd0a2f..9f99e95 100644
--- a/profiles/base/accounts/group/pkcs11
+++ b/profiles/base/accounts/group/pkcs11

@@ -1,3 +1,4 @@
 group:pkcs11
 gid:208
+# These users all need access to PKCS #11 crypto services.
 users:root,ipsec,chronos,chaps,wpa

diff --git a/profiles/base/accounts/group/tss b/profiles/base/accounts/group/tss
index 0cefb42..ac2560e 100644
--- a/profiles/base/accounts/group/tss
+++ b/profiles/base/accounts/group/tss

@@ -1,3 +1,4 @@
 group:tss
 gid:207
+# Only root and chaps are allowed to talk to the TPM via tcsd.
 users:root,chaps

diff --git a/profiles/base/accounts/group/tty b/profiles/base/accounts/group/tty
index 32263af..5fe48b0 100644
--- a/profiles/base/accounts/group/tty
+++ b/profiles/base/accounts/group/tty

@@ -1,3 +1,6 @@
 group:tty
 gid:5
+# Give the power manager access to /dev/tty* so it can disable VT switching
+# before suspending the system.
+# The braille display subsystem also needs access.
 users:xorg,power,brltty

diff --git a/profiles/base/accounts/group/usb b/profiles/base/accounts/group/usb
index 4492812..a0dbffd 100644
--- a/profiles/base/accounts/group/usb
+++ b/profiles/base/accounts/group/usb

@@ -1,3 +1,4 @@
 group:usb
 gid:85
+# mtp for access to media on phones/tablets; brltty for braille.
 users:mtp,brltty

diff --git a/profiles/base/accounts/group/wpa b/profiles/base/accounts/group/wpa
index 46cfcb5..9bf43dd 100644
--- a/profiles/base/accounts/group/wpa
+++ b/profiles/base/accounts/group/wpa

@@ -1,3 +1,4 @@
 group:wpa
 gid:219
+# Needed because we run wpa_cli as root.
 users:root