Hi Al! On 11.05.2017 21:16, Al Poole wrote: > Are you compiling your own kernels???
Yep, been doing so for the last 18 years. Force of habit I guess as I don't want stuff in my kernel that won't be used on my system anyway. :-) > If so, maybe you could talk to someone that packages up kernels for ideas? > > Personally, I wouldn't advise building any kernel from source unless you're > testing new features or building one for an embedded system...two pence for > you! Thanks for the advice. Would be interesting to get feedback from other users here that are running packaged 4.11 kernels provided by Debian and such. Then I might start comparing .config files. Cheers, Florian > On Thu, May 11, 2017 at 1:07 PM, Florian Schaefer <[email protected]> wrote: > >> >> On 11.05.2017 12:33, Carsten Haitzler (The Rasterman) wrote: >>> On Wed, 10 May 2017 09:48:19 +0200 PaulTT <[email protected]> said: >>> >>>> i just posted a message about this... (sorry, i've seen now this thread) >>>> >>>> as i said there, there's also a problem with unlocking (so, pam >> related, i >>>> assume ?) >>>> via console su and sudo worked like a charm (i've got error messages >> about >>>> cpufreq and backlight too) >>> >>> pam would be executing a setuid root binary to do the password check... >> so it's >>> the same issue. something has decided that e and app processes below it >> in the >>> process tree "cant run setuid (root) binaries" and has disabled that >> feature. >>> that feature seems to only kick in with 4.11 kernel. it certainly is not >> e >>> doing this. it has relied on this working for many years. it's something >> new >>> security-wise that is being enabled by a new kernel. >>> >>> maybe some parent process is using setpriv? CAP_SETUID disabled? man >>> capabilities ... for info ... maybe run captest ? >>> e >>> 12:20PM ~ > captest >>> User credentials uid:1000 euid:1000 suid:1000 >>> Group credentials gid:1000 egid:1000 sgid:1000 >>> Current capabilities: none >>> securebits flags: none >>> Attempting direct access to shadow...FAILED (Permission denied) >>> Attempting to access shadow by child process...FAILED >>> Child User credentials uid:1000 euid:1000 suid:1000 >>> Child Group credentials gid:1000 egid:1000 sgid:1000 >>> Child capabilities: none >>> Child securebits flags: none >>> >>> is what i get. which is normal. >> >> I get the same as you on my system here: >> >> florian@washu:~ # uname -a >> Linux washu 4.11.0 #2 SMP PREEMPT Tue May 2 12:12:51 JST 2017 i686 >> GNU/Linux >> florian@washu:~ # captest >> User credentials uid:500 euid:500 suid:500 >> Group credentials gid:100 egid:100 sgid:100 >> Current capabilities: none >> securebits flags: none >> Attempting direct access to shadow...FAILED (Permission denied) >> Attempting to access shadow by child process...FAILED >> Child User credentials uid:500 euid:500 suid:500 >> Child Group credentials gid:100 egid:100 sgid:100 >> Child capabilities: none >> Child securebits flags: none >> >> Cheers, >> Florian >> >>>> could the problem be related to some new sh**y systemd operation???? >>>> i saw that also using wayland, i coulnd't access halt/reboot/suspend >> menu >>>> items too (this happens to me also with previous kernels) >>> >>> works for me with enlightenment + wl + arch (+systemd)... i can do all >> the >>> power off etc. stuff... >>> >>>> On Thu, May 4, 2017 at 6:19 AM, Carsten Haitzler <[email protected]> >>>> wrote: >>>> >>>>> On Thu, 04 May 2017 11:09:13 +0900 <[email protected]> said: >>>>> >>>>>> Hi, >>>>>> >>>>>> Carsten Haitzler (The Rasterman) <[email protected]> wrote: >>>>>> >>>>>>> On Wed, 3 May 2017 12:09:21 +0900 Florian Schaefer < >> [email protected]> >>>>> said: >>>>>> >>>>>>>> Hi! >>>>>>>> >>>>>>>> On 03.05.2017 10:04, Carsten Haitzler (The Rasterman) wrote: >>>>>>>>> On Tue, 02 May 2017 21:16:40 +0900 [email protected] said: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I got the source of kernel 4.11, then comipled, and check the >>>>>>>>>> behaviour of enlightenment (efl 1.18.1, enlightment 0.21.7). >>>>>>>>>> >>>>>>>>>> At the start up of enlightenment, I got an error message; >>>>>>>>>> >>>>>>>>>> There was an error trying to set the cpu power state setting via >>>>> the >>>>>>>>>> module's setfreq utility. >>>>>>>>>> >>>>>>>>>> On the kernel 4.10.x, I never see such a message. >>>>>>>>>> >>>>>>>>>> And, I tried to use su and sudo command in the terminal, I got a >>>>>>>>>> strange message; >>>>>>>>>> >>>>>>>>>> fulwood@linux-uw5l:~> sudo >>>>>>>>>> sudo: effective uid is not 0, is sudo installed setuid root >>>>>>>>>> >>>>>>>>>> fulwood@linux-uw5l:~> su >>>>>>>>>> Password: >>>>>>>>>> su: incorrect password >>>>>>>>>> >>>>>>>>>> This means, there is a problem concerning uid treatment in the >>>>>>>>>> enlightenment, doesn't it. >>>>>>>>>> >>>>>>>>>> Moreover, VirtualBox indicate the problem of enlightenment >>>>> directly; >>>>>>>>>> >>>>>>>>>> fulwood@linux-uw51:~> VirtualBox >>>>>>>>>> >>>>>>>>>> VirtualBox: Error -10 in SUPRHardenedMain! >>>>>>>>>> VirtualBox: Effective UID is not root (euid=1000, egid=100, >>>>> uid=1000, >>>>>>>>>> gid=100) >>>>>>>>>> VirtualBox: Tip! It may help to reintall VirtualBox. >>>>>>>>>> >>>>>>>>>> Why does uid=1000? >>>>>>>>> >>>>>>>>> that's a common uid to start with for users added to a system - >>>>> first >>>>>>>>> user added commonly is uid 1000... that's probably ... you. >>>>>>>>> >>>>>>>>>> So, we can't use enlightenment on the kernel 4.11. >>>>>>>>> >>>>>>>>> from the above it seems like since you compiled your own kernel it >>>>>>>>> seemingly has disabled setuid root binaries. i assume this is some >>>>> new >>>>>>>>> feature of kernels since 4.11 that has been turned on. i suggest >>>>> you >>>>>>>>> turn it off to allow them again. your kernel broke far more than >>>>>>>>> enlightenment. it broke sudo. probably even broke su. it broke >>>>>>>>> virtualbox... it broke stuff. what that option is - i don't know. >>>>> this >>>>>>>>> is news to me. >>>>>>>> >>>>>>>> Just for the record I'd like to add that I observe the same >> behavior. >>>>>>>> >>>>>>>> Since switching from 4.9 to 4.11 yesterday I cannot do suid >> requiring >>>>>>>> operations (like su or mount.cifs) from within E (using terminology >>>>> or >>>>>>>> xterm) any more. Interestingly, if I am right at the console (so no >>>>> Xorg >>>>>>>> and e in-between) all those commands work like a charm. >>>>>>>> >>>>>>>> I could not find any setuid related option in the kernel >>>>> configuration >>>>>>>> so I cannot really imagine where it is misconfigured. >>>>>> >>>>>>> it'll likely be some security option that ends up doing this for >> child >>>>>>> processes ... whatever/however it is... but its certainly a change in >>>>> the >>>>>>> kernel and "security options" of some sort. >>>>>> >>>>>> But, why the kernel's change has an impact on enlightenment only? >>>>>> On e16 and kde-plasma, no impact. >>>>> >>>>> neither controls cpu frequency/governor or don't use setuid root >> binaries >>>>> or >>>>> they come from packages with specific selinux rules to allow setuid >> root >>>>> binaries... or something. but it's a kernel change that creates the >> issue. >>>>> what >>>>> - i don't know. ask your friendly neighbourhood kernel developer. the >>>>> setuid >>>>> root binaries are specifically erroring out unable to assume root privs >>>>> where >>>>> they could before. >>>>> >>>>> >>>>> -- >>>>> ------------- Codito, ergo sum - "I code, therefore I am" >> -------------- >>>>> The Rasterman (Carsten Haitzler) [email protected] >>>>> >>>>> >>>>> ------------------------------------------------------------ >>>>> ------------------ >>>>> Check out the vibrant tech community on one of the world's most >>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>>> _______________________________________________ >>>>> enlightenment-devel mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >>>>> >>>> ------------------------------------------------------------ >> ------------------ >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>> _______________________________________________ >>>> enlightenment-devel mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >>>> >>> >>> >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> enlightenment-devel mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >> > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > enlightenment-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
