Please, review:
https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec
Issues: https://www.illumos.org/issues/6728
https://www.illumos.org/issues/5633
The issue is that glib incorrectly detects pfexec usage as setuid
program (even when pfexec doesn't change euid). So, it refuses to launch
dbus - https://github.com/GNOME/glib/blob/master/gio/gdbusaddress.c#L1060
We heal it by falling back to euid/uid comparison. We also use pfexec to
launch brasero and sound-juicer.
After
https://github.com/OpenIndiana/oi-userland/commit/9f0f786ce02ff7a120952fa34888cdcca5b8469d
console user (Console User) should have "Desktop Removable Media User"
profile and have sys_devices privileges, necessary for brasero and sound
juicer (which uses brasero libraries) to work with CD devices.
I'm a bit concerned about unexpected security issues which it could cause...
--
Best regards,
Alexander Pyhalov,
system administrator of Southern Federal University IT department
_______________________________________________
oi-dev mailing list
[email protected]
http://openindiana.org/mailman/listinfo/oi-dev
