Isn't there any mount option that you can pass so that all members of a certain group can still access sysfs? Perhaps "gid="?
Wkr, Sven Vermeulen On Sun, Feb 9, 2014 at 1:35 PM, Luis Ressel <[email protected]> wrote: > Hello, > > > I'm currently experimenting with OpenPGP smartcards. For those, I > need sys-apps/pcsc-lite, which features a daemon (pcscd). This daemon > has its own user and doesn't run with root permissions. However, it > needs to access some files in /sys which are only accessible by root > due to GRKERNSEC_SYSFS_RESTRICT. > > I went with the following solution: > chown root:pcscd /usr/sbin/pcscd > chmod 0710 /usr/sbin/pcscd > filecap /usr/sbin/pcscd dac_read_search > > Should I just propose the maintainer to add this to the ebuild > (conditional on a "hardened" USE flag), or would another course of > action be preferred? > > > Regards, > Luis Ressel > > > -- > Luis Ressel <[email protected]> > GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
