Hello, I'm running BRLTTY as a systemd service under current Arch Linux with kernel 6.16.8-arch3-1. BRLTTY fails to open many devices it tries as the permissions are not liberal enough.
BRLTTY also tries to create device nodes in /run/brltty, which fails. I really don't want programs to be able to create devices under /run/ so I'm happy this fails, and I would prefer BRLTTY not trying it at all. I have not tampered the udev rules provided by Arch. Here are the permissions of all device files whic BRLTTY tries to open during its execution: # grep --only-matching '/dev/[a-zA-Z0-9/]*' brltty-priv-error.log | sort -u | xargs ls -ld drwxr-xr-x 10 root root 200 24. 9. 08:18 /dev/bus/usb crw------- 1 root root 244, 0 24. 9. 08:18 /dev/hidraw0 crw------- 1 root root 244, 1 24. 9. 08:18 /dev/hidraw1 crw------- 1 root root 244, 10 24. 9. 08:18 /dev/hidraw10 crw------- 1 root root 244, 11 24. 9. 08:18 /dev/hidraw11 crw-------+ 1 root root 244, 12 24. 9. 08:31 /dev/hidraw12 crw------- 1 root root 244, 13 24. 9. 08:18 /dev/hidraw13 crw------- 1 root root 244, 14 24. 9. 08:18 /dev/hidraw14 crw------- 1 root root 244, 2 24. 9. 08:18 /dev/hidraw2 crw------- 1 root root 244, 3 24. 9. 08:18 /dev/hidraw3 crw------- 1 root root 244, 4 24. 9. 08:18 /dev/hidraw4 crw------- 1 root root 244, 5 24. 9. 08:18 /dev/hidraw5 crw------- 1 root root 244, 6 24. 9. 08:18 /dev/hidraw6 crw------- 1 root root 244, 7 24. 9. 08:18 /dev/hidraw7 crw-------+ 1 root root 244, 8 24. 9. 08:31 /dev/hidraw8 crw------- 1 root root 244, 9 24. 9. 08:18 /dev/hidraw9 crw-rw---- 1 root input 13, 63 24. 9. 08:18 /dev/input/mice crw-rw---- 1 root audio 116, 1 24. 9. 08:18 /dev/snd/seq crw------- 1 root tty 4, 0 24. 9. 08:31 /dev/tty0 crw------- 1 aura tty 4, 1 24. 9. 08:31 /dev/tty1 crw-rw---- 1 root uucp 4, 64 24. 9. 08:18 /dev/ttyS0 crw------- 1 root root 10, 223 24. 9. 08:18 /dev/uinput crw-rw---- 1 root tty 7, 1 24. 9. 08:18 /dev/vcs1 crw-rw---- 1 root tty 7, 128 24. 9. 08:18 /dev/vcsa crw-rw---- 1 root tty 7, 64 24. 9. 08:18 /dev/vcsu Based on this, it seems that BRLTTY would need to run as root to be able to open the console. This list also raises some questions: why BRLTTY either tries to open or checks permissions of - /dev/snd/seq even though I have alert tunes and speech disabled - /dev/input/... even though I have keyboard table disabled - /dev/uinput even though I have keyboard table disabled - /dev/ttyS0 even though I have not configured any serial displays - /dev/bus/usb even though it did not try to connect to any USB display? The full log file is attached. I fixed the issue by supplying --stay-privileged to BRLTTY and changing the user from brltty to root. This of course is not an ideal solution. I don't know why Arch developers have decided on such a strict device permissions, but I suppose they had some reasons for doing it. Do you have any suggestions for solving the issue? Thanks in advance! -- Aura Kelloniemi
brltty: brltty: Console Encoding: UTF-8 program exit event added: log BRLTTY 6.8 rev BRLTTY-6.8-11-g5c386968+ [https://brltty.app/] brltty: lock descriptor allocated: queue-discarded-elements brltty: Log File: <system> brltty: Log Level: debug,debug brltty: Messages Locale: C.UTF-8 brltty: Messages Domain: brltty brltty: Messages Directory: /usr/share/locale brltty: Autospeak Threshold: none brltty: Privilege Parameter: path= brltty: Privilege Parameter: scfmode= brltty: Privilege Parameter: shell= brltty: Privilege Parameter: user= brltty: capabilities: initial: cap_sys_admin,cap_sys_tty_config,cap_mknod=eip brltty: environment variable set: PATH: /bin:/usr/bin brltty: environment variable set: SHELL: /bin/sh brltty: temporary capability already added: cap_sys_admin (for isolating namespaces) brltty: isolating namespace: cgroup (control groups) brltty: isolating namespace: mount (mount points) brltty: isolating namespace: UTS (host name and NIS domain name) brltty: executing as the invoking user: brltty brltty: not claiming state directories brltty: capability not permitted: cap_sys_module brltty: temporary capability not granted: cap_sys_module (for installing kernel modules) brltty: checking group owner of path: /dev/vcs1 brltty: checking group owner of path: /dev/tty1 brltty: checking group owner of path: /dev/ttyS0 brltty: checking group owner of path: /dev/bus/usb brltty: checking group owner of path: /dev/snd/seq brltty: checking group owner of path: /dev/input/mice brltty: checking group owner of path: /dev/uinput brltty: path not group readable: /dev/uinput brltty: path not group writable: /dev/uinput brltty: checking group owner of path: /etc/brlapi.key brltty: capabilities: temporary: cap_sys_admin,cap_sys_tty_config,cap_mknod=eip brltty: checking group owner of path: /dev/vcs1 brltty: checking group owner of path: /dev/tty1 brltty: checking group owner of path: /dev/ttyS0 brltty: checking group owner of path: /dev/bus/usb brltty: checking group owner of path: /dev/snd/seq brltty: checking group owner of path: /dev/input/mice brltty: checking group owner of path: /dev/uinput brltty: checking group owner of path: /etc/brlapi.key brltty: capabilities: permanent: cap_sys_admin,cap_sys_tty_config,cap_mknod=ep brltty: pushed command environment: initial brltty: report listener registered: 0: handleUpdateBrailleDeviceOnline brltty: lock descriptor allocated: umask brltty: program exit event added: pid-file brltty: program exit event added: screen-data brltty: Working Directory: / brltty: Configuration File: /etc/brltty.conf brltty: Tables Directory: /usr/share/brltty brltty: Drivers Directory: /usr/lib/brltty brltty: Helpers Directory: /usr/libexec/brltty brltty: Writable Directory: /run/brltty brltty: Updatable Directory: /var/lib/brltty brltty: Preferences File: /var/lib/brltty/brltty.prefs brltty: loading preferences file: /var/lib/brltty/brltty.prefs brltty: file opened: /var/lib/brltty/brltty.prefs fd=6 brltty: file opened: /var/lib/brltty/brltty.prefs fd=6 brltty: program exit event added: tunes brltty: tune thread state change: 0 -> 1 brltty: tune thread state change: 1 -> 3 brltty: regions: text=0.0 status=0.0 brltty: shifts: full=1 half=0 vertical=5 brltty: program exit event added: prompt-patterns brltty: compiling text table: /usr/share/brltty/Text/aura.ttb brltty: file opened: /etc/xdg/brltty/aura.ttb fd=10 brltty: including data file: /usr/share/brltty/Text/aura.ttb brltty: lock descriptor allocated: text-table brltty: Text Table: aura brltty: program exit event added: text-table brltty: lock descriptor allocated: contraction-table brltty: using internal contraction table: none brltty: Contraction Table: none brltty: program exit event added: contraction-table brltty: Attributes Table: left_right brltty: program exit event added: attributes-table brltty: Keyboard Property: type= brltty: Keyboard Property: vendor= brltty: Keyboard Property: product= brltty: program exit event added: keyboard-table brltty: keyboard table changed: off -> off brltty: Keyboard Table: off brltty: program exit event added: gui-keyboard-table brltty: GUI keyboard table changed: off -> off brltty: GUI Keyboard Table: off brltty: program exit event added: screen-driver brltty: activity action request: screen-driver: start brltty: activity state change: screen-driver: 4[preparing] brltty: activity state change: screen-driver: 1[prepared] brltty: activity state change: screen-driver: 2[scheduled] brltty: program exit event added: braille-data brltty: program exit event added: braille-driver brltty: activity action request: braille-driver: start brltty: activity state change: braille-driver: 4[preparing] brltty: Braille Display Dimensions: 1 column, 1 row brltty: regions: text=0.1 status=0.0 brltty: shifts: full=1 half=0 vertical=5 brltty: activity state change: braille-driver: 1[prepared] brltty: activity state change: braille-driver: 2[scheduled] brltty: program exit event added: speech-data brltty: program exit event added: speech-driver brltty: activity action request: speech-driver: start brltty: activity state change: speech-driver: 4[preparing] brltty: activity state change: speech-driver: 1[prepared] brltty: activity state change: speech-driver: 2[scheduled] brltty: Speech Input: off brltty: BrlAPI Server: release 0.8.7 brltty: API Parameter: auth=keyfile:/etc/brlapi.key brltty: API Parameter: host= brltty: program exit event added: address-table brltty: program exit event added: api-server brltty: program exit event added: sessions brltty: pushed command environment: main brltty: pushed command handler: unhandled brltty: pushed command handler: miscellaneous brltty: pushed command handler: learn brltty: pushed command handler: speech brltty: lock descriptor allocated: main-clipboard brltty: program exit event added: main-clipboard brltty: pushed command handler: clipboard brltty: pushed command handler: preferences brltty: pushed command handler: toggle brltty: report listener registered: 3: brailleWindowUpdatedListener brltty: pushed command handler: touch brltty: report listener registered: 0: keycodeCommandDataResetListener brltty: pushed command handler: keycodes brltty: report listener registered: 0: inputCommandDataResetListener brltty: pushed command handler: input brltty: pushed command handler: navigation brltty: pushed command handler: override brltty: pushed command handler: screen brltty: pushed command handler: custom brltty: pushed command handler: API brltty: activity state change: screen-driver: 6[starting] brltty: checking for screen driver: lx brltty: initializing screen driver: lx brltty: device directory: /dev brltty: checking screen device: /dev/vcsa brltty: screen device: vcsa brltty: checking console device: /dev/tty0 brltty: console device: tty0 brltty: checking unicode device: /dev/vcsu brltty: unicode device: vcsu brltty: cannot open device: /dev/tty0: Permission denied brltty: cannot contain device files: /run/brltty brltty: main console open error 1: Operation not permitted brltty: screen driver initialization failed: lx brltty: screen driver not found brltty: activity action failed: screen-driver: start brltty: activity state change: screen-driver: 2[scheduled] brltty: activity state change: braille-driver: 6[starting] brltty: checking braille device: bluetooth:D8:B6:73:90:57:B6 brltty: braille device type: Bluetooth brltty: another BrlAPI server is already listening on 0 (file /var/lib/BrlAPI/.0 exists) brltty: error while creating socket 0 brltty: program exit event added: bluetooth-device-queue brltty: checking for braille driver: fs brltty: initializing braille driver: fs -> bluetooth:D8:B6:73:90:57:B6 brltty: device open error: /dev/hidraw0: Permission denied brltty: device open error: /dev/hidraw1: Permission denied brltty: device open error: /dev/hidraw2: Permission denied brltty: device open error: /dev/hidraw3: Permission denied brltty: device open error: /dev/hidraw4: Permission denied brltty: device open error: /dev/hidraw5: Permission denied brltty: device open error: /dev/hidraw6: Permission denied brltty: device open error: /dev/hidraw7: Permission denied brltty: device open error: /dev/hidraw8: Permission denied brltty: device open error: /dev/hidraw9: Permission denied brltty: device open error: /dev/hidraw10: Permission denied brltty: device open error: /dev/hidraw13: Permission denied brltty: device open error: /dev/hidraw14: Permission denied brltty: device open error: /dev/hidraw11: Permission denied brltty: device open error: /dev/hidraw12: Permission denied brltty: activity state change: speech-driver: 6[starting] brltty: checking for speech driver: no brltty: initializing speech driver: no brltty: Speech Driver: no [NoSpeech] brltty: activity state change: speech-driver: 3[started] brltty: Detected Focus 40: cells=40, firmware=5.82-26 brltty: Manufacturer: FREEDOM SCIENTIFIC brltty: Model: Focus 40 brltty: Firmware: 5.82-26 brltty: Braille Display Dimensions: 40 columns, 1 row brltty: regions: text=0.40 status=0.0 brltty: shifts: full=40 half=20 vertical=5 brltty: Key Bindings: focus40 brltty: program exit event added: sorted-command-table brltty: file opened: /etc/xdg/brltty/focus40.ktb fd=18 brltty: including data file: /usr/share/brltty/Input/fs/focus40.ktb brltty: file opened: /etc/xdg/brltty/focus_blue.kti fd=19 brltty: including data file: /etc/xdg/brltty/focus_blue.kti brltty: program exit event added: sorted-keyboard-functions brltty: Key Table: /usr/share/brltty/Input/fs/focus40.ktb brltty: constructing special screen: help brltty: lock descriptor allocated: braille-driver brltty: braille is online brltty: Braille Driver: fs [FreedomScientific] brltty: Braille Device: bluetooth:D8:B6:73:90:57:B6 brltty: Old Preferences File: /etc/brltty-fs.prefs brltty: report listener registered: 0: brlapi_handleReports brltty: regions: text=0.40 status=0.0 brltty: shifts: full=40 half=20 vertical=5 brltty: setting braille firmness: 0 brltty: activity state change: braille-driver: 3[started] brltty: report listener unregistered: 0: brlapi_handleReports brltty: pushed command environment: message brltty: pushed command handler: message brltty: activity state change: screen-driver: 6[starting] brltty: checking for screen driver: lx brltty: initializing screen driver: lx brltty: checking screen device: /dev/vcsa brltty: screen device: vcsa brltty: checking console device: /dev/tty0 brltty: console device: tty0 brltty: checking unicode device: /dev/vcsu brltty: unicode device: vcsu brltty: cannot open device: /dev/tty0: Permission denied brltty: cannot contain device files: /run/brltty brltty: main console open error 1: Operation not permitted brltty: screen driver initialization failed: lx brltty: screen driver not found brltty: activity action failed: screen-driver: start
_______________________________________________ This message was sent via the BRLTTY mailing list. To post a message, send an e-mail to: [email protected] For general information, go to: http://brltty.app/mailman/listinfo/brltty
