summaryrefslogtreecommitdiffstats
path: root/man/udev.xml
blob: 266dd6146086d57dfd900fc0201afecfa08f15fd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  SPDX-License-Identifier: LGPL-2.1-or-later
  Copyright © 2014 Jason St. John
-->

<refentry id="udev">
  <refentryinfo>
    <title>udev</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>udev</refentrytitle>
    <manvolnum>7</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>udev</refname>
    <refpurpose>Dynamic device management</refpurpose>
  </refnamediv>

  <refsect1>
    <title>Description</title>
    <para>udev supplies the system software with device events, manages permissions
    of device nodes and may create additional symlinks in the <filename>/dev/</filename>
    directory, or renames network interfaces. The kernel usually just assigns unpredictable
    device names based on the order of discovery. Meaningful symlinks or network device
    names provide a way to reliably identify devices based on their properties or
    current configuration.</para>

    <para>The udev daemon, <citerefentry><refentrytitle>systemd-udevd.service</refentrytitle>
    <manvolnum>8</manvolnum></citerefentry>, receives device uevents directly from
    the kernel whenever a device is added or removed from the system, or it changes its
    state. When udev receives a device event, it matches its configured set of rules
    against various device attributes to identify the device. Rules that match may
    provide additional device information to be stored in the udev database or
    to be used to create meaningful symlink names.</para>

    <para>All device information udev processes is stored in the udev database and
    sent out to possible event subscribers. Access to all stored data and the event
    sources is provided by the library libudev.</para>
  </refsect1>

  <refsect1>
      <title>Rules Files</title>
      <para>The udev rules are read from the files located in the system rules directories
      <filename>/usr/lib/udev/rules.d</filename> and <filename>/usr/local/lib/udev/rules.d</filename>, the
      volatile runtime directory <filename>/run/udev/rules.d</filename> and the local administration
      directory <filename>/etc/udev/rules.d</filename>.  All rules files are collectively sorted and
      processed in lexical order, regardless of the directories in which they live. However, files with
      identical filenames replace each other. Files in <filename>/etc/</filename> have the highest priority,
      files in <filename>/run/</filename> take precedence over files with the same name under
      <filename>/usr/</filename>. This can be used to override a system-supplied rules file with a local
      file if needed; a symlink in <filename>/etc/</filename> with the same name as a rules file in
      <filename>/usr/lib/</filename>, pointing to <filename>/dev/null</filename>, disables the rules file
      entirely. Rule files must have the extension <filename>.rules</filename>; other extensions are
      ignored.</para>

      <para>Every line in the rules file contains at least one key-value pair.
      Except for empty lines or lines beginning with <literal>#</literal>, which are ignored.
      There are two kinds of keys: match and assignment.
      If all match keys match against their values, the rule gets applied and the
      assignment keys get the specified values assigned.</para>

      <para>A matching rule may rename a network interface, add symlinks
      pointing to the device node, or run a specified program as part of
      the event handling.</para>

      <para>A rule consists of a comma-separated list of one or more key-operator-value expressions.
      Each expression has a distinct effect, depending on the key and operator used.</para>

      <refsect2>
        <title>Operators</title>
        <variablelist>
          <varlistentry>
            <term><literal>==</literal></term>
            <listitem>
              <para>Compare for equality. (The specified key has the specified value.)</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><literal>!=</literal></term>
            <listitem>
              <para>Compare for inequality. (The specified key doesn't have the specified value, or the
              specified key is not present at all.)
              </para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><literal>=</literal></term>
            <listitem>
              <para>Assign a value to a key. Keys that represent a list are reset
              and only this single value is assigned.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><literal>+=</literal></term>
            <listitem>
              <para>Add the value to a key that holds a list of entries.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><literal>-=</literal></term>
            <listitem>
              <para>Remove the value from a key that holds a list of entries.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><literal>:=</literal></term>
            <listitem>
              <para>Assign a value to a key finally; disallow any later changes.</para>
            </listitem>
          </varlistentry>
        </variablelist>
      </refsect2>

      <refsect2>
        <title>Values</title>
          <para>Values are written as double quoted strings, such as ("string").
          To include a quotation mark (") in the value, precede it by a backslash (\").
          Any other occurrences of a backslash followed by a character are not unescaped.
          That is, "\t\n" is treated as four characters:
          backslash, lowercase t, backslash, lowercase n.</para>

          <para>The string can be prefixed with a lowercase e (e"string\n") to mark the string as
          <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style escaped</ulink>.
          For example, e"string\n" is parsed as 7 characters: 6 lowercase letters and a newline.
          This can be useful for writing special characters when a kernel driver requires them.</para>

          <para>Please note that <constant>NUL</constant> is not allowed in either string variant.</para>
      </refsect2>

      <refsect2>
        <title>Keys</title>
        <para>The following key names can be used to match against device properties.
        Some of the keys also match against properties of the parent devices in sysfs,
        not only the device that has generated the event. If multiple keys that match
        a parent device are specified in a single rule, all these keys must match at
        one and the same parent device.</para>
        <variablelist class='udev-directives'>
          <varlistentry>
            <term><varname>ACTION</varname></term>
            <listitem>
              <para>Match the name of the event action.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>DEVPATH</varname></term>
            <listitem>
              <para>Match the devpath of the event device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>KERNEL</varname></term>
            <listitem>
              <para>Match the name of the event device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>KERNELS</varname></term>
            <listitem>
              <para>Search the devpath upwards for a matching device name.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>NAME</varname></term>
            <listitem>
              <para>Match the name of a network interface. It can be used once the
              NAME key has been set in one of the preceding rules.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>SYMLINK</varname></term>
            <listitem>
              <para>Match the name of a symlink targeting the node. It can be used once a SYMLINK key has
              been set in one of the preceding rules. There may be multiple symlinks; only one needs to
              match. If the operator is <literal>!=</literal>, the token returns true only if there is no
              symlink matched.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>SUBSYSTEM</varname></term>
            <listitem>
              <para>Match the subsystem of the event device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>SUBSYSTEMS</varname></term>
            <listitem>
              <para>Search the devpath upwards for a matching device subsystem name.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>DRIVER</varname></term>
            <listitem>
              <para>Match the driver name of the event device. Only set this key for devices
              which are bound to a driver at the time the event is generated.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>DRIVERS</varname></term>
            <listitem>
              <para>Search the devpath upwards for a matching device driver name.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>ATTR{<replaceable>filename</replaceable>}</varname></term>
            <listitem>
              <para>Match sysfs attribute value of the event device.</para>

              <para>Trailing whitespace in the attribute values is ignored unless the specified match value
              itself contains trailing whitespace.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>ATTRS{<replaceable>filename</replaceable>}</varname></term>
            <listitem>
              <para>Search the devpath upwards for a device with matching sysfs attribute values. If
              multiple <varname>ATTRS</varname> matches are specified, all of them must match on the same
              device.</para>

              <para>Trailing whitespace in the attribute values is ignored unless the specified match value
              itself contains trailing whitespace.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>SYSCTL{<replaceable>kernel parameter</replaceable>}</varname></term>
            <listitem>
              <para>Match a kernel parameter value.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>ENV{<replaceable>key</replaceable>}</varname></term>
            <listitem>
              <para>Match against a device property value.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>CONST{<replaceable>key</replaceable>}</varname></term>
            <listitem>
              <para>Match against a system-wide constant. Supported keys are:</para>
              <variablelist>
                <varlistentry>
                  <term><literal>arch</literal></term>
                  <listitem>
                    <para>System's architecture. See <option>ConditionArchitecture=</option> in
                    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
                    for possible values.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><literal>virt</literal></term>
                  <listitem>
                    <para>System's virtualization environment. See
                    <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
                    for possible values.</para>
                  </listitem>
                </varlistentry>
              </variablelist>
              <para>Unknown keys will never match.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>TAG</varname></term>
            <listitem>
              <para>Match against one of device tags. It can be used once a TAG key has been set in one of
              the preceding rules. There may be multiple tags; only one needs to match. If the operator is
              <literal>!=</literal>, the token returns true only if there is no tag matched.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>TAGS</varname></term>
            <listitem>
              <para>Search the devpath upwards for a device with matching tag. If the operator is
              <literal>!=</literal>, the token returns true only if there is no tag matched.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>TEST{<replaceable>octal mode mask</replaceable>}</varname></term>
            <listitem>
              <para>Test the existence of a file. An octal mode mask can be specified
              if needed.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>PROGRAM</varname></term>
            <listitem>
              <para>Execute a program to determine whether there is a match; the key is true if the program
              returns successfully. The device properties are made available to the executed program in the
              environment. The program's standard output is available in the <varname>RESULT</varname>
              key.</para>

              <para>This can only be used for very short-running foreground tasks. For details, see
              <varname>RUN</varname>.</para>

              <para>Note that multiple <varname>PROGRAM</varname> keys may be specified in one rule, and
              <literal>=</literal>, <literal>:=</literal>, and <literal>+=</literal> have the same effect as
              <literal>==</literal>.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>RESULT</varname></term>
            <listitem>
              <para>Match the returned string of the last <varname>PROGRAM</varname> call.
              This key can be used in the same or in any later rule after a
              <varname>PROGRAM</varname> call.</para>
            </listitem>
          </varlistentry>
        </variablelist>

        <para>Most of the fields support shell glob pattern matching and
        alternate patterns. The following special characters are supported:</para>
        <variablelist>
          <varlistentry>
            <term><literal>*</literal></term>
            <listitem>
              <para>Matches zero or more characters.</para>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term><literal>?</literal></term>
            <listitem>
              <para>Matches any single character.</para>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term><literal>[]</literal></term>
            <listitem>
              <para>Matches any single character specified within the brackets. For
              example, the pattern string <literal>tty[SR]</literal>
              would match either <literal>ttyS</literal> or <literal>ttyR</literal>.
              Ranges are also supported via the <literal>-</literal> character.
              For example, to match on the range of all digits, the pattern
              <literal>[0-9]</literal> could be used. If the first character
              following the <literal>[</literal> is a <literal>!</literal>,
              any characters not enclosed are matched.</para>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term><literal>|</literal></term>
            <listitem>
              <para>Separates alternative patterns. For example, the pattern string
              <literal>abc|x*</literal> would match either <literal>abc</literal>
              or <literal>x*</literal>.</para>
            </listitem>
          </varlistentry>
        </variablelist>

        <para>The following keys can get values assigned:</para>
        <variablelist class='udev-directives'>
          <varlistentry>
            <term><varname>NAME</varname></term>
            <listitem>
              <para>The name to use for a network interface. See
              <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>
              for a higher-level mechanism for setting the interface name.
              The name of a device node cannot be changed by udev, only additional
              symlinks can be created.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>SYMLINK</varname></term>
            <listitem>
              <para>The name of a symlink targeting the node. Every matching rule adds
              this value to the list of symlinks to be created.</para>
              <para>The set of characters to name a symlink is limited. Allowed
              characters are <literal>0-9A-Za-z#+-.:=@_/</literal>, valid UTF-8 character
              sequences, and <literal>\x00</literal> hex encoding. All other
              characters are replaced by a <literal>_</literal> character.</para>
              <para>Multiple symlinks may be specified by separating the names by the
              space character. In case multiple devices claim the same name, the link
              always points to the device with the highest link_priority. If the current
              device goes away, the links are re-evaluated and the device with the
              next highest link_priority becomes the owner of the link. If no
              link_priority is specified, the order of the devices (and which one of
              them owns the link) is undefined.</para>
              <para>Symlink names must never conflict with the kernel's default device
              node names, as that would result in unpredictable behavior.
              </para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>OWNER</varname>, <varname>GROUP</varname>, <varname>MODE</varname></term>
            <listitem>
              <para>The permissions for the device node. Every specified value overrides
              the compiled-in default value.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>SECLABEL{<replaceable>module</replaceable>}</varname></term>
            <listitem>
              <para>Applies the specified Linux Security Module label to the device node.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>ATTR{<replaceable>key</replaceable>}</varname></term>
            <listitem>
              <para>The value that should be written to a sysfs attribute of the
              event device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>SYSCTL{<replaceable>kernel parameter</replaceable>}</varname></term>
            <listitem>
              <para>The value that should be written to kernel parameter.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>ENV{<replaceable>key</replaceable>}</varname></term>
            <listitem>
              <para>Set a device property value. Property names with a leading <literal>.</literal>
              are neither stored in the database nor exported to events or
              external tools (run by, for example, the <varname>PROGRAM</varname>
              match key).</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>TAG</varname></term>
            <listitem>
              <para>Attach a tag to a device. This is used to filter events for users
              of libudev's monitor functionality, or to enumerate a group of tagged
              devices. The implementation can only work efficiently if only a few
              tags are attached to a device. It is only meant to be used in
              contexts with specific device filter requirements, and not as a
              general-purpose flag. Excessive use might result in inefficient event
              handling.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>RUN{<replaceable>type</replaceable>}</varname></term>
            <listitem>
              <para>Specify a program to be executed after processing of all the rules for the event. With
              <literal>+=</literal>, this invocation is added to the list, and with <literal>=</literal> or
              <literal>:=</literal>, it replaces any previous contents of the list. Please note that both
              <literal>program</literal> and <literal>builtin</literal> types described below share a common
              list, so clearing the list with <literal>:=</literal> and <literal>=</literal> affects both
              types.</para>

              <para><replaceable>type</replaceable> may be:</para>
              <variablelist>
                <varlistentry>
                  <term><literal>program</literal></term>
                  <listitem>
                    <para>Execute an external program specified as the assigned
                    value. If no absolute path is given, the program is expected
                    to live in <filename>/usr/lib/udev</filename>; otherwise, the
                    absolute path must be specified.</para>
                    <para>This is the default if no <replaceable>type</replaceable>
                    is specified.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><literal>builtin</literal></term>
                  <listitem>
                    <para>As <varname>program</varname>, but use one of the
                    built-in programs rather than an external one.</para>
                  </listitem>
                </varlistentry>
              </variablelist>

              <para>The program name and following arguments are separated by spaces. Single quotes can be
              used to specify arguments with spaces.</para>

              <para>This can only be used for very short-running foreground tasks. Running an event process for
              a long period of time may block all further events for this or a dependent device.</para>

              <para>Note that running programs that access the network or mount/unmount filesystems is not
              allowed inside of udev rules, due to the default sandbox that is enforced on
              <filename>systemd-udevd.service</filename>.</para>

              <para>Starting daemons or other long-running processes is not allowed; the forked processes,
              detached or not, will be unconditionally killed after the event handling has finished. In order
              to activate long-running processes from udev rules, provide a service unit and pull it in from a
              udev device using the <varname>SYSTEMD_WANTS</varname> device property. See
              <citerefentry><refentrytitle>systemd.device</refentrytitle><manvolnum>5</manvolnum></citerefentry>
              for details.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>LABEL</varname></term>
            <listitem>
              <para>A named label to which a <varname>GOTO</varname> may jump.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>GOTO</varname></term>
            <listitem>
              <para>Jumps to the next <varname>LABEL</varname> with a matching name.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>IMPORT{<replaceable>type</replaceable>}</varname></term>
            <listitem>
              <para>Import a set of variables as device properties, depending on
              <replaceable>type</replaceable>:</para>

              <variablelist>
                <varlistentry>
                  <term><literal>program</literal></term>
                  <listitem>
                    <para>Execute an external program specified as the assigned
                    value and, if it returns successfully,
                    import its output, which must be in environment key
                    format. Path specification, command/argument separation,
                    and quoting work like in <varname>RUN</varname>.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><literal>builtin</literal></term>
                  <listitem>
                    <para>Similar to <literal>program</literal>, but use one of the
                    built-in programs rather than an external one.</para>
                  </listitem>
                </varlistentry>
              <varlistentry>
                  <term><literal>file</literal></term>
                  <listitem>
                    <para>Import a text file specified as the assigned value, the content
                    of which must be in environment key format.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><literal>db</literal></term>
                  <listitem>
                    <para>Import a single property specified as the assigned value from the
                    current device database. This works only if the database is already populated
                    by an earlier event.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><literal>cmdline</literal></term>
                  <listitem>
                    <para>Import a single property from the kernel command line. For simple flags
                    the value of the property is set to <literal>1</literal>.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><literal>parent</literal></term>
                  <listitem>
                    <para>Import the stored keys from the parent device by reading
                    the database entry of the parent device. The value assigned to
                    <option>IMPORT{parent}</option> is used as a filter of key names
                    to import (with the same shell glob pattern matching used for
                    comparisons).</para>
                  </listitem>
                </varlistentry>
              </variablelist>

              <para>This can only be used for very short-running foreground tasks. For details see
              <option>RUN</option>.</para>

              <para>Note that multiple <varname>IMPORT{}</varname> keys may be specified in one rule, and
              <literal>=</literal>, <literal>:=</literal>, and <literal>+=</literal> have the same effect as
              <literal>==</literal>. The key is true if the import is successful, unless <literal>!=</literal>
              is used as the operator which causes the key to be true if the import failed.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><varname>OPTIONS</varname></term>
            <listitem>
              <para>Rule and device options:</para>
              <variablelist class='udev-directives'>
                <varlistentry>
                  <term><option>link_priority=<replaceable>value</replaceable></option></term>
                  <listitem>
                    <para>Specify the priority of the created symlinks. Devices with higher
                    priorities overwrite existing symlinks of other devices. The default is 0.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><option>string_escape=<replaceable>none|replace</replaceable></option></term>
                  <listitem>
                    <para>When <literal>replace</literal>, possibly unsafe characters in strings
                    assigned to <varname>NAME</varname>, <varname>SYMLINK</varname>, and
                    <varname>ENV{<replaceable>key</replaceable>}</varname> are replaced. When
                    <literal>none</literal>, no replacement is performed. When unset, the replacement
                    is performed for <varname>NAME</varname>, <varname>SYMLINK</varname>, but not for
                    <varname>ENV{<replaceable>key</replaceable>}</varname>. Defaults to unset.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><option>static_node=</option></term>
                  <listitem>
                    <para>Apply the permissions specified in this rule to the
                    static device node with the specified name. Also, for every
                    tag specified in this rule, create a symlink
                    in the directory
                    <filename>/run/udev/static_node-tags/<replaceable>tag</replaceable></filename>
                    pointing at the static device node with the specified name.
                    Static device node creation is performed by systemd-tmpfiles
                    before systemd-udevd is started. The static nodes might not
                    have a corresponding kernel device; they are used to trigger
                    automatic kernel module loading when they are accessed.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><option>watch</option></term>
                  <listitem>
                    <para>Watch the device node with inotify; when the node is
                    closed after being opened for writing, a change uevent is
                    synthesized.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><option>nowatch</option></term>
                  <listitem>
                    <para>Disable the watching of a device node with inotify.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><option>db_persist</option></term>
                  <listitem>
                    <para>Set the flag (sticky bit) on the udev database entry of the event device. Device
                    properties are then kept in the database even when <command>udevadm info
                    --cleanup-db</command> is called.  This option can be useful in certain cases
                    (e.g. Device Mapper devices) for persisting device state on the transition from
                    initrd.</para>
                  </listitem>
                </varlistentry>
                <varlistentry>
                  <term><option>log_level=<replaceable>level</replaceable></option></term>
                  <listitem>
                    <para>Takes a log level name like <literal>debug</literal> or
                    <literal>info</literal>, or a special value <literal>reset</literal>. When a log
                    level name is specified, the maximum log level is changed to that level. When
                    <literal>reset</literal> is set, then the previously specified log level is
                    revoked. Defaults to the log level of the main process of
                    <command>systemd-udevd</command>.</para>
                    <para>This may be useful when debugging events for certain devices. Note that the
                    log level is applied when the line including this rule is processed. So, for
                    debugging, it is recommended that this is specified at earlier place, e.g., the
                    first line of <filename>00-debug.rules</filename>.</para>
                    <para>Example for debugging uevent processing for network interfaces:
                    <programlisting># /etc/udev/rules.d/00-debug-net.rules
SUBSYSTEM=="net", OPTIONS="log_level=debug"</programlisting></para>
                  </listitem>
                </varlistentry>
              </variablelist>
            </listitem>
          </varlistentry>
        </variablelist>

        <para>The <varname>ENV</varname>, <varname>GROUP</varname>,
        <varname>MODE</varname>, <varname>NAME</varname>,
        <varname>OWNER</varname>, <varname>PROGRAM</varname>,
        <varname>RUN</varname>, <varname>SECLABEL</varname>, and
        <varname>SYMLINK</varname> fields support simple string substitutions.
        The <varname>RUN</varname> substitutions are performed after all rules
        have been processed, right before the program is executed, allowing for
        the use of device properties set by earlier matching rules. For all
        other fields, substitutions are performed while the individual rule is
        being processed. The available substitutions are:</para>
        <variablelist class='udev-directives'>
          <varlistentry>
            <term><option>$kernel</option>, <option>%k</option></term>
            <listitem>
              <para>The kernel name for this device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$number</option>, <option>%n</option></term>
            <listitem>
              <para>The kernel number for this device. For example, <literal>sda3</literal> has kernel number
              3.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$devpath</option>, <option>%p</option></term>
            <listitem>
              <para>The devpath of the device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$id</option>, <option>%b</option></term>
            <listitem>
              <para>The name of the device matched while searching the devpath
                upwards for <option>SUBSYSTEMS</option>, <option>KERNELS</option>,
                <option>DRIVERS</option>, and <option>ATTRS</option>.
              </para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$driver</option></term>
            <listitem>
              <para>The driver name of the device matched while searching the
                devpath upwards for <option>SUBSYSTEMS</option>,
                <option>KERNELS</option>, <option>DRIVERS</option>, and
                <option>ATTRS</option>.
              </para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$attr{<replaceable>file</replaceable>}</option>, <option>%s{<replaceable>file</replaceable>}</option></term>
            <listitem>
              <para>The value of a sysfs attribute found at the device where
                all keys of the rule have matched. If the matching device does not
                have such an attribute, and a previous <option>KERNELS</option>,
                <option>SUBSYSTEMS</option>, <option>DRIVERS</option>, or
                <option>ATTRS</option> test selected a parent device, then the
                attribute from that parent device is used.
              </para>
              <para>If the attribute is a symlink, the last element of the
                symlink target is returned as the value.
              </para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$env{<replaceable>key</replaceable>}</option>, <option>%E{<replaceable>key</replaceable>}</option></term>
            <listitem>
              <para>A device property value.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$major</option>, <option>%M</option></term>
            <listitem>
              <para>The kernel major number for the device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$minor</option>, <option>%m</option></term>
            <listitem>
              <para>The kernel minor number for the device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$result</option>, <option>%c</option></term>
            <listitem>
              <para>The string returned by the external program requested with
              <varname>PROGRAM</varname>.
              A single part of the string, separated by a space character, may be selected
              by specifying the part number as an attribute: <literal>%c{N}</literal>.
              If the number is followed by the <literal>+</literal> character, this part plus all remaining parts
              of the result string are substituted: <literal>%c{N+}</literal>.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$parent</option>, <option>%P</option></term>
            <listitem>
              <para>The node name of the parent device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$name</option></term>
            <listitem>
              <para>The current name of the device. If not changed by a rule, it is the
              name of the kernel device.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$links</option></term>
            <listitem>
              <para>A space-separated list of the current symlinks. The value is
              only set during a remove event or if an earlier rule assigned a value.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$root</option>, <option>%r</option></term>
            <listitem>
              <para>The udev_root value.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$sys</option>, <option>%S</option></term>
            <listitem>
              <para>The sysfs mount point.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$devnode</option>, <option>%N</option></term>
            <listitem>
              <para>The name of the device node.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>%%</option></term>
            <listitem>
            <para>The <literal>%</literal> character itself.</para>
            </listitem>
          </varlistentry>

          <varlistentry>
            <term><option>$$</option></term>
            <listitem>
            <para>The <literal>$</literal> character itself.</para>
            </listitem>
          </varlistentry>
        </variablelist>
      </refsect2>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry>
        <refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>udevadm</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>
    </para>
  </refsect1>
</refentry>