On Fri, 12 May 2017 10:58:48 +0200 PaulTT <[email protected]> said: > obviously, i compile it ;) > packaged ones are full of crap, and even so, i need a couple of patches for > my setup > and then, i can also choose when upgrade or not...
oh interesting. we're 2 for 2 on "4.11 kernel + sudo doesnt work in e and below" for people who hand compile their own kernels... is there an option where the packaged kernels ensure things work? or a patch? or... at least so far in our massive sample size of 2... both compile their own kernels... :) > my 3 ยข ;P > > > On Thu, May 11, 2017 at 2:16 PM, Al Poole <[email protected]> wrote: > > > Are you compiling your own kernels??? > > > > If so, maybe you could talk to someone that packages up kernels for ideas? > > > > Personally, I wouldn't advise building any kernel from source unless you're > > testing new features or building one for an embedded system...two pence for > > you! > > > > On Thu, May 11, 2017 at 1:07 PM, Florian Schaefer <[email protected]> > > wrote: > > > > > > > > On 11.05.2017 12:33, Carsten Haitzler (The Rasterman) wrote: > > > > On Wed, 10 May 2017 09:48:19 +0200 PaulTT <[email protected]> said: > > > > > > > >> i just posted a message about this... (sorry, i've seen now this > > thread) > > > >> > > > >> as i said there, there's also a problem with unlocking (so, pam > > > related, i > > > >> assume ?) > > > >> via console su and sudo worked like a charm (i've got error messages > > > about > > > >> cpufreq and backlight too) > > > > > > > > pam would be executing a setuid root binary to do the password check... > > > so it's > > > > the same issue. something has decided that e and app processes below it > > > in the > > > > process tree "cant run setuid (root) binaries" and has disabled that > > > feature. > > > > that feature seems to only kick in with 4.11 kernel. it certainly is > > not > > > e > > > > doing this. it has relied on this working for many years. it's > > something > > > new > > > > security-wise that is being enabled by a new kernel. > > > > > > > > maybe some parent process is using setpriv? CAP_SETUID disabled? man > > > > capabilities ... for info ... maybe run captest ? > > > >e > > > > 12:20PM ~ > captest > > > > User credentials uid:1000 euid:1000 suid:1000 > > > > Group credentials gid:1000 egid:1000 sgid:1000 > > > > Current capabilities: none > > > > securebits flags: none > > > > Attempting direct access to shadow...FAILED (Permission denied) > > > > Attempting to access shadow by child process...FAILED > > > > Child User credentials uid:1000 euid:1000 suid:1000 > > > > Child Group credentials gid:1000 egid:1000 sgid:1000 > > > > Child capabilities: none > > > > Child securebits flags: none > > > > > > > > is what i get. which is normal. > > > > > > I get the same as you on my system here: > > > > > > florian@washu:~ # uname -a > > > Linux washu 4.11.0 #2 SMP PREEMPT Tue May 2 12:12:51 JST 2017 i686 > > > GNU/Linux > > > florian@washu:~ # captest > > > User credentials uid:500 euid:500 suid:500 > > > Group credentials gid:100 egid:100 sgid:100 > > > Current capabilities: none > > > securebits flags: none > > > Attempting direct access to shadow...FAILED (Permission denied) > > > Attempting to access shadow by child process...FAILED > > > Child User credentials uid:500 euid:500 suid:500 > > > Child Group credentials gid:100 egid:100 sgid:100 > > > Child capabilities: none > > > Child securebits flags: none > > > > > > Cheers, > > > Florian > > > > > > >> could the problem be related to some new sh**y systemd operation???? > > > >> i saw that also using wayland, i coulnd't access halt/reboot/suspend > > > menu > > > >> items too (this happens to me also with previous kernels) > > > > > > > > works for me with enlightenment + wl + arch (+systemd)... i can do all > > > the > > > > power off etc. stuff... > > > > > > > >> On Thu, May 4, 2017 at 6:19 AM, Carsten Haitzler < > > [email protected]> > > > >> wrote: > > > >> > > > >>> On Thu, 04 May 2017 11:09:13 +0900 <[email protected]> said: > > > >>> > > > >>>> Hi, > > > >>>> > > > >>>> Carsten Haitzler (The Rasterman) <[email protected]> wrote: > > > >>>> > > > >>>>> On Wed, 3 May 2017 12:09:21 +0900 Florian Schaefer < > > > [email protected]> > > > >>> said: > > > >>>> > > > >>>>>> Hi! > > > >>>>>> > > > >>>>>> On 03.05.2017 10:04, Carsten Haitzler (The Rasterman) wrote: > > > >>>>>>> On Tue, 02 May 2017 21:16:40 +0900 [email protected] said: > > > >>>>>>> > > > >>>>>>>> Hi, > > > >>>>>>>> > > > >>>>>>>> I got the source of kernel 4.11, then comipled, and check the > > > >>>>>>>> behaviour of enlightenment (efl 1.18.1, enlightment 0.21.7). > > > >>>>>>>> > > > >>>>>>>> At the start up of enlightenment, I got an error message; > > > >>>>>>>> > > > >>>>>>>> There was an error trying to set the cpu power state setting > > via > > > >>> the > > > >>>>>>>> module's setfreq utility. > > > >>>>>>>> > > > >>>>>>>> On the kernel 4.10.x, I never see such a message. > > > >>>>>>>> > > > >>>>>>>> And, I tried to use su and sudo command in the terminal, I got a > > > >>>>>>>> strange message; > > > >>>>>>>> > > > >>>>>>>> fulwood@linux-uw5l:~> sudo > > > >>>>>>>> sudo: effective uid is not 0, is sudo installed setuid root > > > >>>>>>>> > > > >>>>>>>> fulwood@linux-uw5l:~> su > > > >>>>>>>> Password: > > > >>>>>>>> su: incorrect password > > > >>>>>>>> > > > >>>>>>>> This means, there is a problem concerning uid treatment in the > > > >>>>>>>> enlightenment, doesn't it. > > > >>>>>>>> > > > >>>>>>>> Moreover, VirtualBox indicate the problem of enlightenment > > > >>> directly; > > > >>>>>>>> > > > >>>>>>>> fulwood@linux-uw51:~> VirtualBox > > > >>>>>>>> > > > >>>>>>>> VirtualBox: Error -10 in SUPRHardenedMain! > > > >>>>>>>> VirtualBox: Effective UID is not root (euid=1000, egid=100, > > > >>> uid=1000, > > > >>>>>>>> gid=100) > > > >>>>>>>> VirtualBox: Tip! It may help to reintall VirtualBox. > > > >>>>>>>> > > > >>>>>>>> Why does uid=1000? > > > >>>>>>> > > > >>>>>>> that's a common uid to start with for users added to a system - > > > >>> first > > > >>>>>>> user added commonly is uid 1000... that's probably ... you. > > > >>>>>>> > > > >>>>>>>> So, we can't use enlightenment on the kernel 4.11. > > > >>>>>>> > > > >>>>>>> from the above it seems like since you compiled your own kernel > > it > > > >>>>>>> seemingly has disabled setuid root binaries. i assume this is > > some > > > >>> new > > > >>>>>>> feature of kernels since 4.11 that has been turned on. i suggest > > > >>> you > > > >>>>>>> turn it off to allow them again. your kernel broke far more than > > > >>>>>>> enlightenment. it broke sudo. probably even broke su. it broke > > > >>>>>>> virtualbox... it broke stuff. what that option is - i don't know. > > > >>> this > > > >>>>>>> is news to me. > > > >>>>>> > > > >>>>>> Just for the record I'd like to add that I observe the same > > > behavior. > > > >>>>>> > > > >>>>>> Since switching from 4.9 to 4.11 yesterday I cannot do suid > > > requiring > > > >>>>>> operations (like su or mount.cifs) from within E (using > > terminology > > > >>> or > > > >>>>>> xterm) any more. Interestingly, if I am right at the console (so > > no > > > >>> Xorg > > > >>>>>> and e in-between) all those commands work like a charm. > > > >>>>>> > > > >>>>>> I could not find any setuid related option in the kernel > > > >>> configuration > > > >>>>>> so I cannot really imagine where it is misconfigured. > > > >>>> > > > >>>>> it'll likely be some security option that ends up doing this for > > > child > > > >>>>> processes ... whatever/however it is... but its certainly a change > > in > > > >>> the > > > >>>>> kernel and "security options" of some sort. > > > >>>> > > > >>>> But, why the kernel's change has an impact on enlightenment only? > > > >>>> On e16 and kde-plasma, no impact. > > > >>> > > > >>> neither controls cpu frequency/governor or don't use setuid root > > > binaries > > > >>> or > > > >>> they come from packages with specific selinux rules to allow setuid > > > root > > > >>> binaries... or something. but it's a kernel change that creates the > > > issue. > > > >>> what > > > >>> - i don't know. ask your friendly neighbourhood kernel developer. the > > > >>> setuid > > > >>> root binaries are specifically erroring out unable to assume root > > privs > > > >>> where > > > >>> they could before. > > > >>> > > > >>> > > > >>> -- > > > >>> ------------- Codito, ergo sum - "I code, therefore I am" > > > -------------- > > > >>> The Rasterman (Carsten Haitzler) [email protected] > > > >>> > > > >>> > > > >>> ------------------------------------------------------------ > > > >>> ------------------ > > > >>> Check out the vibrant tech community on one of the world's most > > > >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > >>> _______________________________________________ > > > >>> enlightenment-devel mailing list > > > >>> [email protected] > > > >>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > > > >>> > > > >> ------------------------------------------------------------ > > > ------------------ > > > >> Check out the vibrant tech community on one of the world's most > > > >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > >> _______________________________________________ > > > >> enlightenment-devel mailing list > > > >> [email protected] > > > >> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > > > >> > > > > > > > > > > > > > > ------------------------------------------------------------ > > > ------------------ > > > Check out the vibrant tech community on one of the world's most > > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > > > enlightenment-devel mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > > > > > ------------------------------------------------------------ > > ------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > > enlightenment-devel mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > enlightenment-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- The Rasterman (Carsten Haitzler) [email protected] ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
