On 12.05.2017 18:26, Carsten Haitzler (The Rasterman) wrote: > On Fri, 12 May 2017 10:58:48 +0200 PaulTT <pau...@gmail.com> said: > >> obviously, i compile it ;) >> packaged ones are full of crap, and even so, i need a couple of patches for >> my setup >> and then, i can also choose when upgrade or not... > > oh interesting. we're 2 for 2 on "4.11 kernel + sudo doesnt work in e and > below" for people who hand compile their own kernels... > > is there an option where the packaged kernels ensure things work? or a patch? > or... > > at least so far in our massive sample size of 2... both compile their own > kernels... :)
That is very interesting indeed. Therefore I asked for people to raise hands that are using (packaged) 4.11 kernels without trouble. Till now I have not yet actually seen this confirmation here. Cheers, Florian >> my 3 ยข ;P >> >> >> On Thu, May 11, 2017 at 2:16 PM, Al Poole <nets...@gmail.com> wrote: >> >>> Are you compiling your own kernels??? >>> >>> If so, maybe you could talk to someone that packages up kernels for ideas? >>> >>> Personally, I wouldn't advise building any kernel from source unless you're >>> testing new features or building one for an embedded system...two pence for >>> you! >>> >>> On Thu, May 11, 2017 at 1:07 PM, Florian Schaefer <list...@netego.de> >>> wrote: >>> >>>> >>>> On 11.05.2017 12:33, Carsten Haitzler (The Rasterman) wrote: >>>>> On Wed, 10 May 2017 09:48:19 +0200 PaulTT <pau...@gmail.com> said: >>>>> >>>>>> i just posted a message about this... (sorry, i've seen now this >>> thread) >>>>>> >>>>>> as i said there, there's also a problem with unlocking (so, pam >>>> related, i >>>>>> assume ?) >>>>>> via console su and sudo worked like a charm (i've got error messages >>>> about >>>>>> cpufreq and backlight too) >>>>> >>>>> pam would be executing a setuid root binary to do the password check... >>>> so it's >>>>> the same issue. something has decided that e and app processes below it >>>> in the >>>>> process tree "cant run setuid (root) binaries" and has disabled that >>>> feature. >>>>> that feature seems to only kick in with 4.11 kernel. it certainly is >>> not >>>> e >>>>> doing this. it has relied on this working for many years. it's >>> something >>>> new >>>>> security-wise that is being enabled by a new kernel. >>>>> >>>>> maybe some parent process is using setpriv? CAP_SETUID disabled? man >>>>> capabilities ... for info ... maybe run captest ? >>>>> e >>>>> 12:20PM ~ > captest >>>>> User credentials uid:1000 euid:1000 suid:1000 >>>>> Group credentials gid:1000 egid:1000 sgid:1000 >>>>> Current capabilities: none >>>>> securebits flags: none >>>>> Attempting direct access to shadow...FAILED (Permission denied) >>>>> Attempting to access shadow by child process...FAILED >>>>> Child User credentials uid:1000 euid:1000 suid:1000 >>>>> Child Group credentials gid:1000 egid:1000 sgid:1000 >>>>> Child capabilities: none >>>>> Child securebits flags: none >>>>> >>>>> is what i get. which is normal. >>>> >>>> I get the same as you on my system here: >>>> >>>> florian@washu:~ # uname -a >>>> Linux washu 4.11.0 #2 SMP PREEMPT Tue May 2 12:12:51 JST 2017 i686 >>>> GNU/Linux >>>> florian@washu:~ # captest >>>> User credentials uid:500 euid:500 suid:500 >>>> Group credentials gid:100 egid:100 sgid:100 >>>> Current capabilities: none >>>> securebits flags: none >>>> Attempting direct access to shadow...FAILED (Permission denied) >>>> Attempting to access shadow by child process...FAILED >>>> Child User credentials uid:500 euid:500 suid:500 >>>> Child Group credentials gid:100 egid:100 sgid:100 >>>> Child capabilities: none >>>> Child securebits flags: none >>>> >>>> Cheers, >>>> Florian >>>> >>>>>> could the problem be related to some new sh**y systemd operation???? >>>>>> i saw that also using wayland, i coulnd't access halt/reboot/suspend >>>> menu >>>>>> items too (this happens to me also with previous kernels) >>>>> >>>>> works for me with enlightenment + wl + arch (+systemd)... i can do all >>>> the >>>>> power off etc. stuff... >>>>> >>>>>> On Thu, May 4, 2017 at 6:19 AM, Carsten Haitzler < >>> ras...@rasterman.com> >>>>>> wrote: >>>>>> >>>>>>> On Thu, 04 May 2017 11:09:13 +0900 <fulwood...@gmail.com> said: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> Carsten Haitzler (The Rasterman) <ras...@rasterman.com> wrote: >>>>>>>> >>>>>>>>> On Wed, 3 May 2017 12:09:21 +0900 Florian Schaefer < >>>> list...@netego.de> >>>>>>> said: >>>>>>>> >>>>>>>>>> Hi! >>>>>>>>>> >>>>>>>>>> On 03.05.2017 10:04, Carsten Haitzler (The Rasterman) wrote: >>>>>>>>>>> On Tue, 02 May 2017 21:16:40 +0900 fulwood...@gmail.com said: >>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> I got the source of kernel 4.11, then comipled, and check the >>>>>>>>>>>> behaviour of enlightenment (efl 1.18.1, enlightment 0.21.7). >>>>>>>>>>>> >>>>>>>>>>>> At the start up of enlightenment, I got an error message; >>>>>>>>>>>> >>>>>>>>>>>> There was an error trying to set the cpu power state setting >>> via >>>>>>> the >>>>>>>>>>>> module's setfreq utility. >>>>>>>>>>>> >>>>>>>>>>>> On the kernel 4.10.x, I never see such a message. >>>>>>>>>>>> >>>>>>>>>>>> And, I tried to use su and sudo command in the terminal, I got a >>>>>>>>>>>> strange message; >>>>>>>>>>>> >>>>>>>>>>>> fulwood@linux-uw5l:~> sudo >>>>>>>>>>>> sudo: effective uid is not 0, is sudo installed setuid root >>>>>>>>>>>> >>>>>>>>>>>> fulwood@linux-uw5l:~> su >>>>>>>>>>>> Password: >>>>>>>>>>>> su: incorrect password >>>>>>>>>>>> >>>>>>>>>>>> This means, there is a problem concerning uid treatment in the >>>>>>>>>>>> enlightenment, doesn't it. >>>>>>>>>>>> >>>>>>>>>>>> Moreover, VirtualBox indicate the problem of enlightenment >>>>>>> directly; >>>>>>>>>>>> >>>>>>>>>>>> fulwood@linux-uw51:~> VirtualBox >>>>>>>>>>>> >>>>>>>>>>>> VirtualBox: Error -10 in SUPRHardenedMain! >>>>>>>>>>>> VirtualBox: Effective UID is not root (euid=1000, egid=100, >>>>>>> uid=1000, >>>>>>>>>>>> gid=100) >>>>>>>>>>>> VirtualBox: Tip! It may help to reintall VirtualBox. >>>>>>>>>>>> >>>>>>>>>>>> Why does uid=1000? >>>>>>>>>>> >>>>>>>>>>> that's a common uid to start with for users added to a system - >>>>>>> first >>>>>>>>>>> user added commonly is uid 1000... that's probably ... you. >>>>>>>>>>> >>>>>>>>>>>> So, we can't use enlightenment on the kernel 4.11. >>>>>>>>>>> >>>>>>>>>>> from the above it seems like since you compiled your own kernel >>> it >>>>>>>>>>> seemingly has disabled setuid root binaries. i assume this is >>> some >>>>>>> new >>>>>>>>>>> feature of kernels since 4.11 that has been turned on. i suggest >>>>>>> you >>>>>>>>>>> turn it off to allow them again. your kernel broke far more than >>>>>>>>>>> enlightenment. it broke sudo. probably even broke su. it broke >>>>>>>>>>> virtualbox... it broke stuff. what that option is - i don't know. >>>>>>> this >>>>>>>>>>> is news to me. >>>>>>>>>> >>>>>>>>>> Just for the record I'd like to add that I observe the same >>>> behavior. >>>>>>>>>> >>>>>>>>>> Since switching from 4.9 to 4.11 yesterday I cannot do suid >>>> requiring >>>>>>>>>> operations (like su or mount.cifs) from within E (using >>> terminology >>>>>>> or >>>>>>>>>> xterm) any more. Interestingly, if I am right at the console (so >>> no >>>>>>> Xorg >>>>>>>>>> and e in-between) all those commands work like a charm. >>>>>>>>>> >>>>>>>>>> I could not find any setuid related option in the kernel >>>>>>> configuration >>>>>>>>>> so I cannot really imagine where it is misconfigured. >>>>>>>> >>>>>>>>> it'll likely be some security option that ends up doing this for >>>> child >>>>>>>>> processes ... whatever/however it is... but its certainly a change >>> in >>>>>>> the >>>>>>>>> kernel and "security options" of some sort. >>>>>>>> >>>>>>>> But, why the kernel's change has an impact on enlightenment only? >>>>>>>> On e16 and kde-plasma, no impact. >>>>>>> >>>>>>> neither controls cpu frequency/governor or don't use setuid root >>>> binaries >>>>>>> or >>>>>>> they come from packages with specific selinux rules to allow setuid >>>> root >>>>>>> binaries... or something. but it's a kernel change that creates the >>>> issue. >>>>>>> what >>>>>>> - i don't know. ask your friendly neighbourhood kernel developer. the >>>>>>> setuid >>>>>>> root binaries are specifically erroring out unable to assume root >>> privs >>>>>>> where >>>>>>> they could before. >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> ------------- Codito, ergo sum - "I code, therefore I am" >>>> -------------- >>>>>>> The Rasterman (Carsten Haitzler) ras...@rasterman.com >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------ >>>>>>> ------------------ >>>>>>> Check out the vibrant tech community on one of the world's most >>>>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>>>>> _______________________________________________ >>>>>>> enlightenment-devel mailing list >>>>>>> enlightenment-devel@lists.sourceforge.net >>>>>>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >>>>>>> >>>>>> ------------------------------------------------------------ >>>> ------------------ >>>>>> Check out the vibrant tech community on one of the world's most >>>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>>>> _______________________________________________ >>>>>> enlightenment-devel mailing list >>>>>> enlightenment-devel@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >>>>>> >>>>> >>>>> >>>> >>>> ------------------------------------------------------------ >>>> ------------------ >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>> _______________________________________________ >>>> enlightenment-devel mailing list >>>> enlightenment-devel@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >>>> >>> ------------------------------------------------------------ >>> ------------------ >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>> _______________________________________________ >>> enlightenment-devel mailing list >>> enlightenment-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel >>> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> enlightenment-devel mailing list >> enlightenment-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
