Hello,

Dave Mielke <[email protected]> writes:

> [quoted lines by Aura Kelloniemi on 2020/08/22 at 08:57 +0300]
> >BRLTTY changes to user brltty:brltty, but for some reason the capability
> >assignments don't work and the process is non-functional.

> This should (must) be figured out. Please capture and post a debug log for
> when brltty starts up. Use -L/path/to/logfile, and -ldebug should be enough.

I needed to return to a setup where I run brltty as root, because I needed to
get other things done. Could you recommend me an easy solution which allows me
to install and run BRLTTY with reduced privileges, and then return to the full
privileges version (blindly) when it shows "No screen". I have a spare display
available that I can use, but I probably cannot have multiple BRLTTY versions
installed at the same time, because the systemd files need to be in place.

> I'm wondering if you may have a mixture of older and newer systemd
> units/files.

Should not be.

> Or, maybe, you have an incomplete setup. Which systemd-related files do you
> currently have installed?

I had brltty.path, [email protected], [email protected], udev rules, and sysusers and
tmpfiles configuration files. I also had the brltty user and groups defined,
but the problem can be there, if systemd did not generate them properly.

> The output from systemd status and journal would probably be helpful.

elo 19 10:15:32 solaria systemd-wrapper[929]: BRLTTY 6.1 rev BRLTTY-6.1-438-gee5f2a06 [http://brltty.app/]
elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: continuing to execute as the invoking user: brltty
elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: capability not permitted: cap_sys_module
elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: capability not permitted: cap_setgid
elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: path not group readable: /dev/uinput
elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: path not group writable: /dev/uinput
elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: group not joined: 977(brlapi)
elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: group not joined: 987(uucp)
elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: cannot create directory: /run/brltty: Permission denied
elo 19 10:15:32 solaria systemd[1]: [email protected]: Can't open PID file /run/brltty/brltty--dev-bus-usb-003-004.pid (yet?) after start: Operation not permitted
elo 19 10:15:32 solaria systemd-wrapper[934]: brltty: cannot create directory: /run/brltty: Permission denied

> >I have not found a way to prevent BRLTTY from changing the user without
> >deleting the user or passing --with-privilege-parameters to configure. I
> >would like to have a way to disable the UID change, something like
> >--privilege-parameters=lx:user= on BRLTTY command line.

> That'd be a way to bypass a distribution's security policy.

Well, I mean I would like to do this as root. When I have root privileges, I
can already defeat all security policies, if I want. I want to run BRLTTY with
minimal privileges, but this kind of an option would be extremely handy for
situations when something goes wrong.

> >When I manage to run BRLTTY as root, it changes to the directory
> >/var/run/brltty and tries to create device nodes there. However, /var/run is
> >mounted with nodev flag by systemd, because of security reasons. As a
> >result, BRLTTY does not have access to screen contents (or any other
> >devices). I fixed this temporarily by setting writable-directory to
> >/root/brltty-runtime/
> >brltty.conf.

> Brltty shouldn't be creating those devices. Sure, it'll try, but what this
> situation really means is that something about the setup is wrong. In this
> case, I'm suspecting that it's running as an unprivileged user but doesn't
> have the needed group memberships. Again, a debug log would be helpful.

This was quite easy to test. I almost lost display access completely during
the process, but luckily not. The log file is attached as brltty-as-root.log.

I run:

# brltty -W /var/run/brltty -ne -l debug

BRLTTY fails to open /dev/tty1 (Permission denied) even though it manages to
join the group tty (/dev/tty1 is owned by my user and has group tty).

> It could be that you didn't install the sysusers brltty.conf file. It
> probably means that the brltty user doesn't have its needed supplementary
> group list.

The only group missing is dialout, because I already removed the systemd files
shipped with brltty (to get it running as root). dialout should not be needed
for screen access though.

> For now, disable brltty's udev rules.

I will, and I probably never need them, since I always use one display, and I
want it to be managed by a single BRLTTY instance regardless of whether I'm
using bluetooth or USB.

> >systemd complains that [email protected] depends on
> >systemd-udev-settle.service which is deprecated, and should no more be used.

> Does anything say what should be used instead?

This is an excerpt from /lib/systemd/system/systemd-udev-settle.service:

# This service can dynamically be pulled-in by legacy services which
# cannot reliably cope with dynamic device configurations, and wrongfully
# expect a populated /dev during bootup.

Maybe internet would spread more light on this.

-- 
Aura

brltty: program exit event added: log
BRLTTY 6.1 rev BRLTTY-6.1-439-ge5a42ba2M [http://brltty.app/]
brltty: lock descriptor allocated: queue-discarded-elements
brltty: Log Level: debug
brltty: Privilege Parameter: path=
brltty: Privilege Parameter: scfmode=
brltty: Privilege Parameter: shell=
brltty: Privilege Parameter: user=
brltty: capabilities: at start: =ep
brltty: environment variable set: PATH: /bin:/usr/bin
brltty: environment variable set: SHELL: /bin/sh
brltty: temporary capability already added: cap_sys_admin (for isolating namespaces)
brltty: isolating namespace: cgroup (control groups)
brltty: isolating namespace: IPC (System V interprocess communication objects and POSIX message queues)
brltty: isolating namespace: mount (mount points)
brltty: isolating namespace: UTS (host name and NIS domain name)
brltty: unprivileged user not configured
brltty: continuing to execute as the invoking user: root
brltty: not claiming state directories
brltty: working directory changed: /var/lib/brltty
brltty: environment variable set: HOME: /var/lib/brltty
brltty: starting host command: /sbin/modprobe -q pcspkr
brltty: host command exit status: 0: /sbin/modprobe
brltty: starting host command: /sbin/modprobe -q uinput
brltty: host command exit status: 0: /sbin/modprobe
brltty: unknown group: dialout
brltty: path not group readable: /dev/uinput
brltty: path not group writable: /dev/uinput
brltty: setting supplementary groups: 0(root) 5(tty) 971(pulse-access) 977(brlapi) 987(uucp) 993(input) 995(audio)
brltty: unknown group: dialout
brltty: path not group readable: /dev/uinput
brltty: path not group writable: /dev/uinput
brltty: capabilities: after relinquish: cap_sys_admin,cap_sys_tty_config,cap_mknod=ep
brltty: pushed command environment: initial
brltty: report listener registered: 0: handleUpdateBrailleDeviceOnline
brltty: program exit event added: screen-data
brltty: Working Directory: /var/lib/brltty
brltty: Configuration File: /etc/brltty.conf
brltty: Preferences File: brltty.prefs
brltty: file opened: /root/.config/brltty/brltty.prefs fd=6
brltty: file opened: /root/.config/brltty/brltty.prefs fd=6
brltty: program exit event added: tunes
brltty: tune thread state change: 0 -> 1
brltty: tune thread state change: 1 -> 3
brltty: regions: text=0.0 status=0.0
brltty: shifts: full=1 half=0 vertical=5
brltty: program exit event added: prompt-patterns
brltty: Updatable Directory: /var/lib/brltty
brltty: Writable Directory: /var/run/brltty
brltty: Drivers Directory: /usr/lib/brltty
brltty: Tables Directory: /usr/share/brltty
brltty: compiling text table: /usr/share/brltty/Text/aura.ttb
brltty: file opened: /etc/xdg/brltty/aura.ttb fd=10
brltty: including data file: /usr/share/brltty/Text/aura.ttb
brltty: lock descriptor allocated: text-table
brltty: Text Table: aura
brltty: program exit event added: text-table
brltty: Attributes Table: left_right
brltty: program exit event added: attributes-table
brltty: program exit event added: contraction-table
brltty: Contraction Table: none
brltty: Keyboard Property: type=
brltty: Keyboard Property: vendor=
brltty: Keyboard Property: product=
brltty: program exit event added: keyboard-table
brltty: Keyboard Table: none
brltty: program exit event added: screen-driver
brltty: activity action request: screen-driver: start
brltty: activity state change: screen-driver: 4[preparing]
brltty: activity state change: screen-driver: 1[prepared]
brltty: activity state change: screen-driver: 2[scheduled]
brltty: program exit event added: braille-data
brltty: program exit event added: braille-driver
brltty: activity action request: braille-driver: start
brltty: activity state change: braille-driver: 4[preparing]
brltty: Braille Display Dimensions: 1 row, 1 column
brltty: regions: text=0.1 status=0.0
brltty: shifts: full=1 half=0 vertical=5
brltty: activity state change: braille-driver: 1[prepared]
brltty: activity state change: braille-driver: 2[scheduled]
brltty: program exit event added: speech-data
brltty: program exit event added: speech-driver
brltty: activity action request: speech-driver: start
brltty: activity state change: speech-driver: 4[preparing]
brltty: activity state change: speech-driver: 1[prepared]
brltty: activity state change: speech-driver: 2[scheduled]
brltty: Speech Input: none
brltty: BrlAPI Server: release 0.8.0
brltty: API Parameter: auth=
brltty: API Parameter: host=
brltty: API Parameter: stacksize=
brltty: program exit event added: address-table
brltty: program exit event added: api-server
brltty: program exit event added: sessions
brltty: pushed command environment: main
brltty: pushed command handler: unhandled
brltty: pushed command handler: miscellaneous
brltty: pushed command handler: learn
brltty: pushed command handler: speech
brltty: lock descriptor allocated: main-clipboard
brltty: program exit event added: main-clipboard
brltty: pushed command handler: clipboard
brltty: pushed command handler: preferences
brltty: pushed command handler: toggle
brltty: report listener registered: 3: brailleWindowUpdatedListener
brltty: pushed command handler: touch
brltty: report listener registered: 0: keycodeCommandDataResetListener
brltty: pushed command handler: keycodes
brltty: report listener registered: 0: inputCommandDataResetListener
brltty: pushed command handler: input
brltty: pushed command handler: navigation
brltty: pushed command handler: screen
brltty: pushed command handler: custom
brltty: pushed command handler: API
brltty: activity state change: screen-driver: 6[starting]
brltty: checking for screen driver: lx
brltty: initializing screen driver: lx
brltty: device directory: /dev
brltty: checking screen device: /dev/vcsa
brltty: screen device: vcsa
brltty: checking console device: /dev/tty0
brltty: console device: tty0
brltty: checking unicode device: /dev/vcsu
brltty: unicode device: vcsu
brltty: cannot open device: /dev/tty1: Lupa evätty
brltty: cannot contain device files: /var/run/brltty
brltty: screen driver initialization failed: lx
brltty: screen driver not found
brltty: activity action failed: screen-driver: start
brltty: activity state change: screen-driver: 2[scheduled]
brltty: activity state change: braille-driver: 6[starting]
brltty: checking braille device: bluetooth:
brltty: braille device type: Bluetooth
brltty: program exit event added: bluetooth-device-queue
brltty: checking for braille driver: fs
brltty: initializing braille driver: fs -> bluetooth:
brltty: activity state change: speech-driver: 6[starting]
brltty: no autodetectable speech drivers
brltty: checking for speech driver: no
brltty: initializing speech driver: no
brltty: Speech Driver: no [NoSpeech]
brltty: NoSpeech Speech Driver:
brltty: activity state change: speech-driver: 3[started]
brltty: activity state change: screen-driver: 6[starting]
brltty: checking for screen driver: lx
brltty: initializing screen driver: lx
brltty: checking screen device: /dev/vcsa
brltty: screen device: vcsa
brltty: checking console device: /dev/tty0
brltty: console device: tty0
brltty: checking unicode device: /dev/vcsu
brltty: unicode device: vcsu
brltty: cannot open device: /dev/tty1: Lupa evätty
brltty: cannot contain device files: /var/run/brltty
brltty: screen driver initialization failed: lx
brltty: screen driver not found
brltty: activity action failed: screen-driver: start
brltty: activity state change: screen-driver: 2[scheduled]
brltty: braille driver initialization failed: fs -> bluetooth:
brltty: braille driver not found
brltty: checking braille device: usb:
brltty: braille device type: USB
brltty: checking for braille driver: fs
brltty: initializing braille driver: fs -> usb:
brltty: USB: Manufacturer Name: Freedom Scientific
brltty: USB: Product Description: Focus 3
brltty: USB: Serial Number: 0123456
brltty: program exit event added: sorted-usb-serial-adapters
brltty: Detected Focus 40: cells=40, firmware=5.71
brltty: Manufacturer: FREEDOM SCIENTIFIC
brltty: Model: Focus 40
brltty: Firmware: 5.71
brltty: Braille Display Dimensions: 1 row, 40 columns
brltty: regions: text=0.40 status=0.0
brltty: shifts: full=40 half=20 vertical=5
brltty: Key Bindings: focus40
brltty: program exit event added: sorted-command-table
brltty: file opened: /etc/xdg/brltty/focus40.ktb fd=25
brltty: including data file: /usr/share/brltty/Input/fs/focus40.ktb
brltty: file opened: /etc/xdg/brltty/focus_blue.kti fd=26
brltty: including data file: /etc/xdg/brltty/focus_blue.kti
brltty: program exit event added: sorted-keyboard-functions
brltty: Key Table: /usr/share/brltty/Input/fs/focus40.ktb
brltty: constructing special screen: help
brltty: lock descriptor allocated: braille-driver
brltty: braille is online
brltty: Braille Driver: fs [FreedomScientific]
brltty: FreedomScientific Braille Driver:
brltty: Braille Device: usb:
brltty: Old Preferences File: /etc/brltty-fs.prefs
brltty: report listener registered: 0: brlapi_handleReports
brltty: regions: text=0.40 status=0.0
brltty: shifts: full=40 half=20 vertical=5
brltty: setting braille firmness: 4
brltty: activity state change: braille-driver: 3[started]
brltty: report listener unregistered: 0: brlapi_handleReports
brltty: pushed command environment: message
brltty: pushed command handler: message
brltty: program exit event added: command-queue
brltty: command: 00001D (HOME: go to screen cursor)
brltty: popped command handler: message
brltty: popped command environment: message
brltty: report listener registered: 0: brlapi_handleReports
brltty: activity state change: screen-driver: 6[starting]
brltty: checking for screen driver: lx
brltty: initializing screen driver: lx
brltty: checking screen device: /dev/vcsa
brltty: screen device: vcsa
brltty: checking console device: /dev/tty0
brltty: console device: tty0
brltty: checking unicode device: /dev/vcsu
brltty: unicode device: vcsu
brltty: cannot open device: /dev/tty1: Lupa evätty
brltty: cannot contain device files: /var/run/brltty
brltty: screen driver initialization failed: lx
brltty: screen driver not found
brltty: activity action failed: screen-driver: start
brltty: activity state change: screen-driver: 2[scheduled]
brltty: stopping program components
brltty: stopping program component: command-queue
brltty: stopping program component: sorted-keyboard-functions
brltty: stopping program component: sorted-command-table
brltty: stopping program component: sorted-usb-serial-adapters
brltty: stopping program component: bluetooth-device-queue
brltty: stopping program component: main-clipboard
brltty: stopping program component: sessions
brltty: popped command handler: API
brltty: popped command handler: custom
brltty: popped command handler: screen
brltty: popped command handler: navigation
brltty: popped command handler: input
brltty: report listener unregistered: 0: inputCommandDataResetListener
brltty: popped command handler: keycodes
brltty: report listener unregistered: 0: keycodeCommandDataResetListener
brltty: popped command handler: touch
brltty: report listener unregistered: 3: brailleWindowUpdatedListener
brltty: popped command handler: toggle
brltty: popped command handler: preferences
brltty: popped command handler: clipboard
brltty: popped command handler: speech
brltty: popped command handler: learn
brltty: popped command handler: miscellaneous
brltty: popped command handler: unhandled
brltty: popped command environment: main
brltty: stopping program component: api-server
brltty: report listener unregistered: 0: brlapi_handleReports
brltty: select: Keskeytetty järjestelmäkutsu
brltty: stopping program component: address-table
brltty: stopping program component: speech-driver
brltty: activity action request: speech-driver: stop
brltty: activity state change: speech-driver: 9[stopping]
brltty: activity state change: speech-driver: 0[stopped]
brltty: stopping program component: speech-data
brltty: stopping program component: braille-driver
brltty: pushed command environment: message
brltty: pushed command handler: message
brltty: popped command handler: message
brltty: popped command environment: message
brltty: activity action request: braille-driver: stop
brltty: activity state change: braille-driver: 9[stopping]
brltty: braille is offline
brltty: activity state change: braille-driver: 0[stopped]
brltty: stopping program component: braille-data
brltty: stopping program component: screen-driver
brltty: activity action request: screen-driver: stop
brltty: activity state change: screen-driver: 1[prepared]
brltty: activity state change: screen-driver: 0[stopped]
brltty: stopping program component: keyboard-table
brltty: stopping program component: contraction-table
brltty: lock descriptor allocated: contraction-table
brltty: stopping program component: attributes-table
brltty: lock descriptor allocated: attributes-table
brltty: stopping program component: text-table
brltty: stopping program component: prompt-patterns
brltty: stopping program component: tunes
brltty: tune thread state change: 3 -> 4
brltty: tune thread state change: 4 -> 5
brltty: stopping program component: screen-data
brltty: destructing special screen: help
brltty: stopping program component: log
brltty: stopping program component: queue
brltty: stopping program component: program-directory
brltty: stopping program component: program-path
brltty: stopping program component: options
brltty: stopped program components
popped command environment: initial
stopping program components
stopped program components
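
Added example, not part of the original message and not BRLTTY's own code: a small Python triage of the privilege-setup messages in the journal excerpt and the attached log, matching only message formats that appear there. The function and key names are illustrative; the last flag reflects that on Linux a root process which has dropped cap_dac_override goes through ordinary file permission checks.

```python
import re

# Message formats are the ones visible in the journal excerpt and debug log.
RULES = [
    ("user", r"continuing to execute as the invoking user: (\S+)"),
    ("caps_denied", r"capability not permitted: (\S+)"),
    ("groups_not_joined", r"group not joined: \d+\(([^)]+)\)"),
    ("groups_unknown", r"unknown group: (\S+)"),
    ("paths_no_group_access", r"path not group (?:readable|writable): (\S+)"),
    ("access_errors", r"cannot (?:create directory|open device): (\S+): .+"),
    ("caps_kept", r"capabilities: after relinquish: (\S+)=ep"),
]

# Lines copied from the journal excerpt (brltty started by systemd as user brltty).
PREFIX = "elo 19 10:15:32 solaria systemd-wrapper[929]: brltty: "
JOURNAL = "\n".join(PREFIX + msg for msg in [
    "continuing to execute as the invoking user: brltty",
    "capability not permitted: cap_sys_module",
    "capability not permitted: cap_setgid",
    "path not group readable: /dev/uinput",
    "path not group writable: /dev/uinput",
    "group not joined: 977(brlapi)",
    "group not joined: 987(uucp)",
    "cannot create directory: /run/brltty: Permission denied",
])

# Lines copied from the attached debug log (brltty started by hand as root).
DEBUG = "\n".join("brltty: " + msg for msg in [
    "continuing to execute as the invoking user: root",
    "unknown group: dialout",
    "capabilities: after relinquish: cap_sys_admin,cap_sys_tty_config,cap_mknod=ep",
    "cannot open device: /dev/tty1: Lupa evätty",
    "cannot contain device files: /var/run/brltty",
])

def triage(log_text):
    """Collect the privilege-related findings from a BRLTTY log, in order seen."""
    found = {key: [] for key, _ in RULES}
    for line in log_text.splitlines():
        for key, pattern in RULES:
            m = re.search(pattern, line)
            if m and m.group(1) not in found[key]:
                found[key].append(m.group(1))
    # Keep the last reported capability set as a list of names.
    kept = found["caps_kept"][-1].split(",") if found["caps_kept"] else []
    found["caps_kept"] = kept
    # Root that no longer holds cap_dac_override is bound by file modes.
    found["root_without_dac_override"] = (
        found["user"] == ["root"] and bool(kept) and "cap_dac_override" not in kept
    )
    return found
```
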
