Allow user and group lookup to be disabled.

In certain cut-down situations such as an installer or inside the
initramfs, we simply don't have any kind of name service.  While we
could use rules without OWNER or GROUP, it's better to have the same
rules as a full system and have udevd ignore those parts of the rules.

Adds a --resolve-names=never switch to udevd that has this effect.

4 files changed, 34 insertions, 7 deletions

diff --git a/NEWS b/NEWS
index bcfd773c6..52bfa6a99 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,9 @@ Bugfixes.
 The udevadm test command has no longer a --force option, nodes and symlinks
 are always updated with a test run now.
 
+The udevd daemon can be started with --resolve-names=never to avoid all user
+and group lookups (e.g. in cut-down systems).
+
 udev 136
 ========
 Bugfixes.
diff --git a/udev/udev-rules.c b/udev/udev-rules.c
index 2d120dd92..ccf1eaaf8 100644
--- a/udev/udev-rules.c
+++ b/udev/udev-rules.c
@@ -1454,10 +1454,10 @@ static int add_rule(struct udev_rules *rules, char *line,
 			uid = strtoul(value, &endptr, 10);
 			if (endptr[0] == '\0') {
 				rule_add_key(&rule_tmp, TK_A_OWNER_ID, op, NULL, &uid);
-			} else if (rules->resolve_names && strchr("$%", value[0]) == NULL) {
+			} else if ((rules->resolve_names > 0) && strchr("$%", value[0]) == NULL) {
 				uid = add_uid(rules, value);
 				rule_add_key(&rule_tmp, TK_A_OWNER_ID, op, NULL, &uid);
-			} else {
+			} else if (rules->resolve_names == 0) {
 				rule_add_key(&rule_tmp, TK_A_OWNER, op, value, NULL);
 			}
 			rule_tmp.rule.rule.flags = 1;
@@ -1472,10 +1472,10 @@ static int add_rule(struct udev_rules *rules, char *line,
 			gid = strtoul(value, &endptr, 10);
 			if (endptr[0] == '\0') {
 				rule_add_key(&rule_tmp, TK_A_GROUP_ID, op, NULL, &gid);
-			} else if (rules->resolve_names && strchr("$%", value[0]) == NULL) {
+			} else if ((rules->resolve_names > 0) && strchr("$%", value[0]) == NULL) {
 				gid = add_gid(rules, value);
 				rule_add_key(&rule_tmp, TK_A_GROUP_ID, op, NULL, &gid);
-			} else {
+			} else if (rules->resolve_names == 0) {
 				rule_add_key(&rule_tmp, TK_A_GROUP, op, value, NULL);
 			}
 			rule_tmp.rule.rule.flags = 1;
diff --git a/udev/udevd.c b/udev/udevd.c
index 993964d23..9a8d79180 100644
--- a/udev/udevd.c
+++ b/udev/udevd.c
@@ -639,12 +639,14 @@ int main(int argc, char *argv[])
 	fd_set readfds;
 	const char *value;
 	int daemonize = 0;
+	int resolve_names = 1;
 	static const struct option options[] = {
 		{ "daemon", no_argument, NULL, 'd' },
 		{ "debug-trace", no_argument, NULL, 't' },
 		{ "debug", no_argument, NULL, 'D' },
 		{ "help", no_argument, NULL, 'h' },
 		{ "version", no_argument, NULL, 'V' },
+		{ "resolve-names", required_argument, NULL, 'N' },
 		{}
 	};
 	int rc = 1;
@@ -678,8 +680,19 @@ int main(int argc, char *argv[])
 			if (udev_get_log_priority(udev) < LOG_INFO)
 				udev_set_log_priority(udev, LOG_INFO);
 			break;
+		case 'N':
+			if (strcmp (optarg, "early") == 0) {
+				resolve_names = 1;
+			} else if (strcmp (optarg, "never") == 0) {
+				resolve_names = -1;
+			} else {
+				fprintf(stderr, "resolve-names must be early or never\n");
+				err(udev, "resolve-names must be early or never\n");
+				goto exit;
+			}
+			break;
 		case 'h':
-			printf("Usage: udevd [--help] [--daemon] [--debug-trace] [--debug] [--version]\n");
+			printf("Usage: udevd [--help] [--daemon] [--debug-trace] [--debug] [--resolve-names=early|never] [--version]\n");
 			goto exit;
 		case 'V':
 			printf("%s\n", VERSION);
@@ -759,7 +772,7 @@ int main(int argc, char *argv[])
 		goto exit;
 	}
 
-	rules = udev_rules_new(udev, 1);
+	rules = udev_rules_new(udev, resolve_names);
 	if (rules == NULL) {
 		err(udev, "error reading rules\n");
 		goto exit;
@@ -957,7 +970,7 @@ int main(int argc, char *argv[])
 			struct udev_rules *rules_new;
 
 			reload_config = 0;
-			rules_new = udev_rules_new(udev, 1);
+			rules_new = udev_rules_new(udev, resolve_names);
 			if (rules_new != NULL) {
 				udev_rules_unref(rules);
 				rules = rules_new;
diff --git a/udev/udevd.xml b/udev/udevd.xml
index b5726b8b0..010411c78 100644
--- a/udev/udevd.xml
+++ b/udev/udevd.xml
@@ -29,6 +29,7 @@
           <arg><option>--debug-trace</option></arg>
           <arg><option>--debug</option></arg>
           <arg><option>--version</option></arg>
+          <arg><option>--resolve-names=early|never</option></arg>
           <arg><option>--help</option></arg>
         </cmdsynopsis>
       </refsynopsisdiv>
@@ -65,6 +66,16 @@
             </listitem>
           </varlistentry>
           <varlistentry>
+            <term><option>--resolve-names</option></term>
+            <listitem>
+              <para>Specify when udevd should resolve names of users and groups.
+              When set to <option>early</option> (the default) names will be
+              resolved when the rules are parsed.
+              When set to <option>never</option> names will never be resolved
+              and all devices will be owned by root.</para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
             <term><option>--version</option></term>
             <listitem>
               <para>Print version number.</para>