Alexander Pyhalov писал 11.03.2016 23:15:
Here's the new version :
https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec
...
Needs some more testing (so far didn't try to write CDs, just looked
at ppriv output).
I've just tested it. cdrecord needs to be
Here's the new version :
https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec
What is changed:
- now we use pfexec to run brasero and sound juicer;
- we don't care if user runs with EUID 0, it's his own difficulties;
so far this works with sudo, but fails
So, what about the latest version + recommendation to never use Primary
Administrator for desktop user ? :)
On 03/11/2016 15:18, Peter Tribble wrote:
On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov wrote:
Please, review:
On 03/11/2016 15:43, Alexander Pyhalov wrote:
The issue is that we want to give these programs sys_devices priveleges.
Is there good way to do this without using pfexec?
"pfexec -P sys_devices something" doesn't seem to work.
"pfexec ppriv -s L=basic,sys_devices something" works better, but
On 03/11/2016 15:18, Peter Tribble wrote:
On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov wrote:
The problem I see with using pfexec is that bad things happen if the user
has some other profiles or privileges, so you end up giving those programs
rights they don't need. For
On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov wrote:
> Please, review:
> https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec
>
> Issues: https://www.illumos.org/issues/6728
> https://www.illumos.org/issues/5633
>
>
> The issue is
Please, review:
https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec
Issues: https://www.illumos.org/issues/6728
https://www.illumos.org/issues/5633
The issue is that glib incorrectly detects pfexec usage as setuid
program (even when pfexec