Sound not accessible to non root users anymore

Tomas Mraz tmraz at redhat.com
Wed Sep 5 07:55:12 UTC 2007


On Wed, 2007-09-05 at 10:42 +0000, Boyan wrote:
> Tomas Mraz wrote:
> > On Thu, 2007-08-30 at 15:30 +0300, Boyan wrote:
> >> root at b:~# setfacl -m u:b:rw /dev/snd/*
> >> setfacl: /dev/snd/controlC0: Operation not supported
> >> setfacl: /dev/snd/pcmC0D0c: Operation not supported
> >> setfacl: /dev/snd/pcmC0D0p: Operation not supported
> >> setfacl: /dev/snd/pcmC0D1c: Operation not supported
> >> setfacl: /dev/snd/pcmC0D2c: Operation not supported
> >> setfacl: /dev/snd/pcmC0D3c: Operation not supported
> >> setfacl: /dev/snd/pcmC0D4p: Operation not supported
> >> setfacl: /dev/snd/seq: Operation not supported
> >> setfacl: /dev/snd/timer: Operation not supported
> >>
> >>
> >> Anything more conventional excluding doing chown every time?
> >> I'm the only one using this computer. I'm wondering what was the
> >> problem with the old and working way...
> > You can keep /etc/security/console.perms.d/50-default.perms from older
> > pam package releases. pam_console module is still in pam configs so it
> > will work. I don't think that the module will be removed from the
> > configs for F8 but for F9 it probably will so you should change your
> > kernel to support ACLs on tmpfs anyway.
> > 
> > As for the reasons why we cannot keep the old working way:
> > https://bugzilla.redhat.com/show_bug.cgi?id=259141#c3
> 
> OK, compiled the kernel with ACLs for tmpfs.
> As you said I started hald, which required dbus:
> 
> b at b:~$ /etc/init.d/messagebus status
> dbus-daemon (pid 2268) is running...
> b at b:~$ /etc/init.d/haldaemon status
> hald (pid 2414) is running...
> 
> 
> but the thing is that the whole this is more complicated than just
> chown the devices because after every reboot the ACLs are again reset.
> The point is that /dev is recreated every time and there is no way
> the ACLs after reboot to survive. Perhaps this is the role of hald
> and dbus, but how to configure them? Maybe the program requesting
> access to those devices should be communicating with dbus and hald?
> What about the simple programs which does not do that?
> If someone knows where to look, that would be great.

The hald should add the ACLs on behalf of ConsoleKit. If you use gdm for
login, it should call ConsoleKit through dbus. Also the text console
login should contain 'session    optional     pam_ck_connector.so' in
its PAM configuration (/etc/pam.d/login) so the ACLs are assigned on
text console logins as well.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb




More information about the fedora-test-list mailing list