Gary:
Does your /etc/security/prof_attr file have a line like this where
"Console User" has the "Desktop Removable Media User" role?
Console User:::Manage System as the Console User:profiles=Suspend To
RAM,Suspend To Disk,Brightness,CPU Power Management,Network Autoconf,
Desktop Removable Media User,Network Wifi
Info;auths=solaris.system.shutdown;help=RtConsUser.html
and also a line like this?
Desktop Removable Media User:::Access removable media for desktop user:
Device Management:::Control Access to Removable
Media:auths=solaris.device.*,solaris.admin.serialmgr.*;help=RtDeviceMngmnt.html
Does your /etc/security/exec_attr file have lines like this to
allow brasero and sound-juicer to run using this role? Also you
might need to add a similar line for rhythmbox if you want it to
work.
Desktop Removable Media
User:solaris:cmd:::/usr/bin/brasero:privs=sys_devices
Desktop Removable Media
User:solaris:cmd:::/usr/bin/sound-juicer:privs=sys_devices
If not, does adding such lines help?
Brian
>> Could you try playing the CD as the root user and see
>> if that
>> works better? Note that sound-juicer and brasero now
>> make use of
>> the "Desktop Removable Media User" in
>> /etc/security/exec_attr and
>> if your user doesn't have this role, then it won't
>> work. Perhaps
>> something is messed up with that? If it works as the
>> root user and
>> not a normal user, then the problem is likely in this
>> area, I'd think.
>
> That sounds like the problem, although logging in to Gnome as
> root didn't make any difference. A truss of my gnome-terminal shell
> as root while it invoked the rhythmbox command as an ordinary
> user revealed the problem. A couple of times when it executed
> cdda2wav, it got return code 7, which means `pipe communication
> errors encountered (in forked mode)'. The cdda2wav command is
> a shell script that runs pfexec. This command is setuid root, but when
> it executed cdda2wav.bin, the UID was my own, not zero. Before
> that, it set them to my UID thusly:
>
> 6750: setppriv(PRIV_ON, PRIV_INHERITABLE, {002000080201000000000000}) = 0
> 6750: setreuid(107, 107) = 0
> 6750: getppriv(PRIV_INHERITABLE, {002200087301000000000000}) = 0
> 6750: setppriv(PRIV_SET, PRIV_PERMITTED, {002200087301000000000000}) Err#1
> EPERM
>
> I see from /etc/security/exec_attr that the necessary privilege is
> `sys_devices'. When I run `ppriv -v $$', I only see that privilege
> listed under `L'. Once I figure out how to change that, I'll try again.
