Re: [oi-dev] glib changes review

2016-03-11 Thread Alexander Pyhalov
Alexander Pyhalov писал 11.03.2016 23:15: Here's the new version : https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec ... Needs some more testing (so far didn't try to write CDs, just looked at ppriv output). I've just tested it. cdrecord needs to be

Re: [oi-dev] glib changes review

2016-03-11 Thread Alexander Pyhalov
Here's the new version : https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec What is changed: - now we use pfexec to run brasero and sound juicer; - we don't care if user runs with EUID 0, it's his own difficulties; so far this works with sudo, but fails

Re: [oi-dev] glib changes review

2016-03-11 Thread Alexander Pyhalov
So, what about the latest version + recommendation to never use Primary Administrator for desktop user ? :) On 03/11/2016 15:18, Peter Tribble wrote: On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov wrote: Please, review:

Re: [oi-dev] glib changes review

2016-03-11 Thread Alexander Pyhalov
On 03/11/2016 15:43, Alexander Pyhalov wrote: The issue is that we want to give these programs sys_devices priveleges. Is there good way to do this without using pfexec? "pfexec -P sys_devices something" doesn't seem to work. "pfexec ppriv -s L=basic,sys_devices something" works better, but

Re: [oi-dev] glib changes review

2016-03-11 Thread Alexander Pyhalov
On 03/11/2016 15:18, Peter Tribble wrote: On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov wrote: The problem I see with using pfexec is that bad things happen if the user has some other profiles or privileges, so you end up giving those programs rights they don't need. For

Re: [oi-dev] glib changes review

2016-03-11 Thread Peter Tribble
On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov wrote: > Please, review: > https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec > > Issues: https://www.illumos.org/issues/6728 > https://www.illumos.org/issues/5633 > > > The issue is

[oi-dev] glib changes review

2016-03-11 Thread Alexander Pyhalov
Please, review: https://github.com/OpenIndiana/oi-userland/compare/Openindiana:oi/hipster...pyhalov:pfexec Issues: https://www.illumos.org/issues/6728 https://www.illumos.org/issues/5633 The issue is that glib incorrectly detects pfexec usage as setuid program (even when pfexec