From fa55162f224c0ebe1ccd3fa9692cccf2a0dcb1d0 Mon Sep 17 00:00:00 2001
From: Gibeom Gwon <gb.gwon@stackframe.dev>
Date: Jul 20 2021 12:45:13 +0000
Subject: homed: allow systemd-homed access to FIDO2 devices


Add DeviceAllow= option for FIDO2 devices in systemd-homed.service.

(cherry picked from commit 85e424c0c852fcb92d108494a6efa9dd0ce943b2)
(cherry picked from commit 727a03e4826efe1392b8a1899b220e7df7976990)

---

diff --git a/units/systemd-homed.service.in b/units/systemd-homed.service.in
index 5ac53ca..0b0b238 100644
--- a/units/systemd-homed.service.in
+++ b/units/systemd-homed.service.in
@@ -21,6 +21,7 @@ DeviceAllow=/dev/loop-control rw
 DeviceAllow=/dev/mapper/control rw
 DeviceAllow=block-* rw
 ExecStart=@rootlibexecdir@/systemd-homed
+DeviceAllow=char-hidraw rw
 IPAddressDeny=any
 KillMode=mixed
 LimitNOFILE=@HIGH_RLIMIT_NOFILE@