On Mon, Nov 18, 2024 at 04:08:49PM +0100, Winfried de Heiden wrote:
> Hi all,
>
> XDG_CACHE_HOME was not defined, also not after a GDM login as user root. I
> added it to /root/.bash_profile. Afterwards:
>
> grep XDG_CACHE_HOME ~/.bash_profile
> export XDG_CACHE_HOME=$HOME/.cache
>
> [root@minicard ~]# ls -ldZ $XDG_CACHE_HOME
> drwx------. 11 root root system_u:object_r:cache_home_t:s0 158 Nov 18 15:49 /root/.cache
>
> [root@minicard ~]# ls -ldZ $XDG_CACHE_HOME/opensc
> drwx------. 2 root root unconfined_u:object_r:cache_home_t:s0 6 Nov 18 12:33 /root/.cache/opensc
>
> [root@minicard ~]# ls -lZ $XDG_CACHE_HOME/opensc
> <empty!>
>
> And: using the smartcard is slow once again. Put back file_cache_dir in
> /etc/opensc.conf and the smart card is (more or less) fast again.

Hi,

have you checked for any SELinux AVCs?

bye,
Sumit

>
> Winfried
>
>
> On 18-11-2024 at 15:31, Sumit Bose via FreeIPA-users wrote:
> > On Mon, Nov 18, 2024 at 02:50:09PM +0100, Winfried de Heiden wrote:
> > > Hi all,
> > >
> > > The tuning options as provided on
> > > https://github.com/OpenSC/OpenSC/wiki/Aventra-MyEID-PKI-card#smart-card-reader-configuration.
> > >
> > > It looks however it is related to file caching. In "man 5 opensc.conf":
> > >
> > >     If caching is done by a system process, the cached files may be
> > >     placed inaccessible from a user account. Use a globally readable
> > >     and writable location if you wish to share the cached information.
> > >     Note that the cached files may contain personal data such as name
> > >     and mail address.
> > >
> > > It seems caching is done by GDM (user: gdm) and sssd (user: root) and I
> > > added to ensure a caching directory is created (and removed when
> > > rebooted, nice and handy during testing)
> > >
> > > /etc/tmpfiles.d/opensc.conf
> > > d /dev/shm/.cache/opensc 2700 gdm root -
> > >
> > > I also added "file_cache_dir" to /etc/opensc.conf:
> > >
> > > app default {
> > >     # debug = 3;
> > >     # debug_file = opensc-debug.txt;
> > >     framework pkcs15 {
> > >         use_file_caching = public;
> > >         file_cache_dir = /dev/shm/.cache/opensc;
> > >     }
> > >     reader_driver pcsc {
> > >         # The pinpad is disabled by default,
> > >         # because of many broken readers out there
> > >         enable_pinpad = false;
> > >     }
> > > }
> > > # the pkcs15-init is used for card initialization when the file caching
> > > # brings more trouble than use so disable that:
> > > app pkcs15-init {
> > >     framework pkcs15 {
> > >         use_file_caching = no;
> > >     }
> > > }
> > >
> > > It's still not bleeding fast but it's sure more acceptable and
> > > workable.
> > > After a reboot:
> > >
> > > time sudo -l; sudo -k; time sudo -l
> > > PIN for MyEID-222 (MyEID-222 Basic PIN):
> > >
> > > User winfried may run the following commands on minicard:
> > > (ALL : ALL) ALL
> > >
> > > real 0m8.016s
> > > user 0m0.019s
> > > sys 0m0.022s
> > >
> > > PIN for MyEID-222 (MyEID-222 Basic PIN):
> > > User winfried may run the following commands on minicard:
> > > (ALL : ALL) ALL
> > >
> > > real 0m5.428s
> > > user 0m0.019s
> > > sys 0m0.012s
> > >
> > >
> > > When I remove the line "file_cache_dir", sudo -l takes ages (...) but
> > > strangely there are no traces of any cache anywhere on the filesystem; no
> > > wonder it is slow...
> > > According to the man pages:
> > >
> > >     Where to cache the card's files. The default values are:
> > >     • $XDG_CACHE_HOME/opensc/ (If $XDG_CACHE_HOME is defined)
> > >     • $HOME/.cache/opensc/ (Unix)
> > >     • $USERPROFILE\.eid-cache\ (Windows)
> > >
> > > But nothing is there!? Anyone got an idea what's happening here?
> >
> > Hi,
> >
> > have you checked if the `$XDG_CACHE_HOME` or `$HOME/.cache` directories
> > exist for the root user?
> >
> > bye,
> > Sumit
> >
> > > Thanks!
> > >
> > > Winfried
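
The checks raised in this thread (which directory OpenSC would cache in, whether it exists and holds anything, who else can read it, and whether SELinux logged a denial), as an added shell example that is not part of the original messages. The function names are hypothetical, the lookup order follows the man page text quoted above, and the `file_cache_dir` match is a simplified assumption (one setting per line, last one wins, `app` blocks ignored).

```shell
#!/bin/sh
# Added diagnostic sketch; not from the thread or from OpenSC.

# Last uncommented file_cache_dir value in an opensc.conf-style file ($1).
conf_cache_dir() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*file_cache_dir[[:space:]]*=[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\}[[:space:]]*;.*$/\1/p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Order from the quoted man page: explicit setting, then
# $XDG_CACHE_HOME/opensc, then $HOME/.cache/opensc.
resolve_cache_dir() {
    dir=$(conf_cache_dir "$1")
    if [ -n "$dir" ]; then
        printf '%s\n' "$dir"
    elif [ -n "${XDG_CACHE_HOME:-}" ]; then
        printf '%s\n' "$XDG_CACHE_HOME/opensc"
    else
        printf '%s\n' "$HOME/.cache/opensc"
    fi
}

# missing | empty | populated
cache_state() {
    [ -d "$1" ] || { echo missing; return 0; }
    if [ -n "$(ls -A "$1" 2>/dev/null)" ]; then echo populated; else echo empty; fi
}

# Permission bits for "others"; cached files may hold personal data,
# so anything except --- deserves a second look.
other_perms() { ls -ld "$1" | cut -c8-10; }

report() {
    dir=$(resolve_cache_dir "$1")
    state=$(cache_state "$dir")
    echo "user=$(id -un) cache_dir=$dir state=$state"
    [ "$state" = missing ] || echo "perms for others: $(other_perms "$dir")"
    # Recent SELinux denials that mention the cache path (needs root).
    if command -v ausearch >/dev/null 2>&1; then
        ausearch -m avc -ts recent 2>/dev/null | grep -F opensc ||
            echo "no recent AVC records mentioning opensc"
    fi
}

report "${1:-/etc/opensc.conf}"
```

The result depends on the `HOME` and `XDG_CACHE_HOME` of the account that does the caching, so run it once as each account involved (gdm and root in this thread).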
