Mailinglist Archive: opensuse-bugs (2746 mails)

< Previous Next >
[Bug 550021] cdrecord of Schily's cdrtools

--- Comment #111 from Marcus Meissner <meissner@xxxxxxxx> 2013-06-11 09:40:38
UTC ---
(Sorry for the longer delay of reply, as I had trainings, vacations and
critical other work in the last weeks and so could not concentrate on this.)

I confirmed that SCSI RESET for all target-device-bus-host requires SYS_RAWIO
currently. drivers/scsi/scsi_ioctl.c::scsi_nonblockable_ioctl()

The other 3 caps also more or less obvious increase the robustness of burning,
without a fully technical review or testing.

So following permissions will be handed out:

"easy" setting (default for openSUSE installs, so used by 99.9% of all users.)

/usr/bin/cdrecord root:root 755
+capabilities cap_sys_resource,cap_sys_nice,cap_ipc_lock,cap_sys_rawio=ep
/usr/bin/readcd root:root 755
/usr/bin/cdda2wav root:root 755

"secure" and "paranoid" setting (used by the .1% of usually security aware and
paranoid folks)
/usr/bin/cdrecord root:root 755
/usr/bin/readcd root:root 755
/usr/bin/cdda2wav root:root 755

The RPM builds in "secure" mode, so there is no need for special caps to be
list in the .spec file as none are currently given out in secure mode, so
basically the current state (r32) could be submitted.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >