[gentoo-user] HAL permissions? (k3b sees no device at all)

[gentoo-user] HAL permissions? (k3b sees no device at all)

[meino.cramer]

[-- Attachment #1: Type: text/plain, Size: 1075 bytes --]

Hi,

 while installing my 64bit Gentoo on base on the configuration
 of 32bit system I came across the problem, that k3b did not
 see any devices.

 HAD was running, butL: When "hal-devices" was executed as user "no
 devices found" (none! not single!) was reported, while executing the
 same command as root works fine. With strace I found that this was
 due to permissions problems dbus has.

 I "fixed" this by removing a section (found by diffing a
 configuration of and old but working version of dbus) from
 /etc/dbus-1/system.conf, without really knowing the impact.

 Now "hal-devices" also reports to a normal user.

 I added both system.conf files for your information to this email.

 "org.system.conf" is the file, which was originally installed and
 which does not work. "system.conf" is the hacked one, which work,
 but which may do other things (currently unkonw to me) things wrong.

 What is the correct way to fix permission problems 
 (or access rights) in conjunction with dbus the correct way?

 Thank you for your help in advance!

 Best regards,
 mcc



[-- Attachment #2: system.conf --]
[-- Type: text/plain, Size: 2748 bytes --]

<!-- This configuration file controls the systemwide message bus.
     Add a system-local.conf and edit that rather than changing this 
     file directly. -->

<!-- Note that there are any number of ways you can hose yourself
     security-wise by screwing up this file; in particular, you
     probably don't want to listen on any more addresses, add any more
     auth mechanisms, run as a different user, etc. -->

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>

  <!-- Our well-known bus type, do not change this -->
  <type>system</type>

  <!-- Run as special user -->
  <user>messagebus</user>

  <!-- Fork into daemon mode -->
  <fork/>

  <!-- We use system service launching using a helper -->
  <standard_system_servicedirs/>

  <!-- This is a setuid helper that is used to launch system services -->
  <servicehelper>/usr/libexec/dbus-daemon-launch-helper</servicehelper>

  <!-- Write a pid file -->
  <pidfile>/var/run/dbus.pid</pidfile>

  <!-- Only allow socket-credentials-based authentication -->
  <auth>EXTERNAL</auth>

  <!-- Only listen on a local socket. (abstract=/path/to/socket 
       means use abstract namespace, don't really create filesystem 
       file; only Linux supports this. Use path=/whatever on other 
       systems.) -->
  <listen>unix:path=/var/run/dbus/system_bus_socket</listen>

  <policy context="default">
    <!-- Deny everything then punch holes -->
    <deny send_interface="*"/>
    <deny receive_interface="*"/>
    <deny own="*"/>
    <!-- But allow all users to connect -->
    <allow user="*"/>
    <!-- Allow anyone to talk to the message bus -->
    <!-- FIXME I think currently these allow rules are always implicit 
         even if they aren't in here -->
    <allow send_destination="org.freedesktop.DBus"/>
    <allow receive_sender="org.freedesktop.DBus"/>
    <!-- valid replies are always allowed -->
    <allow send_requested_reply="true"/>
    <allow receive_requested_reply="true"/>
    <!-- disallow changing the activation environment of system services -->
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus"
          send_member="UpdateActivationEnvironment"/>
  </policy>

  <!-- Config files are placed here that among other things, punch 
       holes in the above policy for specific services. -->
  <includedir>system.d</includedir>

  <!-- This is included last so local configuration can override what's 
       in this standard file -->
  <include ignore_missing="yes">system-local.conf</include>

  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>

</busconfig>

[-- Attachment #3: org.system.conf --]
[-- Type: text/plain, Size: 2990 bytes --]

<!-- This configuration file controls the systemwide message bus.
     Add a system-local.conf and edit that rather than changing this 
     file directly. -->

<!-- Note that there are any number of ways you can hose yourself
     security-wise by screwing up this file; in particular, you
     probably don't want to listen on any more addresses, add any more
     auth mechanisms, run as a different user, etc. -->

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>

  <!-- Our well-known bus type, do not change this -->
  <type>system</type>

  <!-- Run as special user -->
  <user>messagebus</user>

  <!-- Fork into daemon mode -->
  <fork/>

  <!-- We use system service launching using a helper -->
  <standard_system_servicedirs/>

  <!-- This is a setuid helper that is used to launch system services -->
  <servicehelper>/usr/libexec/dbus-daemon-launch-helper</servicehelper>

  <!-- Write a pid file -->
  <pidfile>/var/run/dbus.pid</pidfile>

  <!-- Enable logging to syslog -->
  <syslog/>

  <!-- Only allow socket-credentials-based authentication -->
  <auth>EXTERNAL</auth>

  <!-- Only listen on a local socket. (abstract=/path/to/socket 
       means use abstract namespace, don't really create filesystem 
       file; only Linux supports this. Use path=/whatever on other 
       systems.) -->
  <listen>unix:path=/var/run/dbus/system_bus_socket</listen>

  <policy context="default">
    <!-- All users can connect to system bus -->
    <allow user="*"/>

    <!-- Holes must be punched in service configuration files for
         name ownership and sending method calls -->
    <deny own="*"/>
    <deny send_type="method_call"/>

    <!-- Signals and reply messages (method returns, errors) are allowed
         by default -->
    <allow send_type="signal"/>
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>

    <!-- All messages may be received by default -->
    <allow receive_type="method_call"/>
    <allow receive_type="method_return"/>
    <allow receive_type="error"/>
    <allow receive_type="signal"/>

    <!-- Allow anyone to talk to the message bus -->
    <allow send_destination="org.freedesktop.DBus"/>
    <!-- But disallow some specific bus services -->
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus"
          send_member="UpdateActivationEnvironment"/>
  </policy>

  <!-- Config files are placed here that among other things, punch 
       holes in the above policy for specific services. -->
  <includedir>system.d</includedir>

  <!-- This is included last so local configuration can override what's 
       in this standard file -->
  <include ignore_missing="yes">system-local.conf</include>

  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>

</busconfig>

Re: [gentoo-user] HAL permissions? (k3b sees no device at all)

[Andrés Becerra Sandoval]

[-- Attachment #1: Type: text/plain, Size: 1451 bytes --]

On Tue, Sep 14, 2010 at 7:06 PM, <meino.cramer@gmx.de> wrote:

> Hi,
>
>  while installing my 64bit Gentoo on base on the configuration
>  of 32bit system I came across the problem, that k3b did not
>  see any devices.
>
>  HAD was running, butL: When "hal-devices" was executed as user "no
>  devices found" (none! not single!) was reported, while executing the
>  same command as root works fine. With strace I found that this was
>  due to permissions problems dbus has.
>
>  I "fixed" this by removing a section (found by diffing a
>  configuration of and old but working version of dbus) from
>  /etc/dbus-1/system.conf, without really knowing the impact.
>
>  Now "hal-devices" also reports to a normal user.
>
>  I added both system.conf files for your information to this email.
>
>  "org.system.conf" is the file, which was originally installed and
>  which does not work. "system.conf" is the hacked one, which work,
>  but which may do other things (currently unkonw to me) things wrong.
>
>  What is the correct way to fix permission problems
>  (or access rights) in conjunction with dbus the correct way?
>
>  Thank you for your help in advance!
>
>  Best regards,
>  mcc
>
>
>

Hello,

I had the same problem before migrating my kernel to use ATA instead of
deprecated IDE support for disks and cd/dvd drives. After migration,
everything is working just fine.

-- 
  Andrés Becerra Sandoval

[-- Attachment #2: Type: text/html, Size: 1912 bytes --]

Re: [gentoo-user] HAL permissions? (k3b sees no device at all)

[meino.cramer]

Andr??s Becerra Sandoval <andres.becerra@gmail.com> [10-09-15 18:25]:
> On Tue, Sep 14, 2010 at 7:06 PM, <meino.cramer@gmx.de> wrote:
> 
> > Hi,
> >
> >  while installing my 64bit Gentoo on base on the configuration
> >  of 32bit system I came across the problem, that k3b did not
> >  see any devices.
> >
> >  HAD was running, butL: When "hal-devices" was executed as user "no
> >  devices found" (none! not single!) was reported, while executing the
> >  same command as root works fine. With strace I found that this was
> >  due to permissions problems dbus has.
> >
> >  I "fixed" this by removing a section (found by diffing a
> >  configuration of and old but working version of dbus) from
> >  /etc/dbus-1/system.conf, without really knowing the impact.
> >
> >  Now "hal-devices" also reports to a normal user.
> >
> >  I added both system.conf files for your information to this email.
> >
> >  "org.system.conf" is the file, which was originally installed and
> >  which does not work. "system.conf" is the hacked one, which work,
> >  but which may do other things (currently unkonw to me) things wrong.
> >
> >  What is the correct way to fix permission problems
> >  (or access rights) in conjunction with dbus the correct way?
> >
> >  Thank you for your help in advance!
> >
> >  Best regards,
> >  mcc
> >
> >
> >
> 
> Hello,
> 
> I had the same problem before migrating my kernel to use ATA instead of
> deprecated IDE support for disks and cd/dvd drives. After migration,
> everything is working just fine.
> 
> -- 
>   Andrés Becerra Sandoval

Hi,

Thanks fpr your reply ! :)

I am using a IDE to USB bridge which connect my (older) IDE-based
burner to my USB port...

Its seems, no ATA/IDE driver is involved ?!

Best regards,
mcc

Re: [gentoo-user] HAL permissions? (k3b sees no device at all)

[Paul Hartman]

On Thu, Sep 16, 2010 at 10:21 PM,  <meino.cramer@gmx.de> wrote:
> I am using a IDE to USB bridge which connect my (older) IDE-based
> burner to my USB port...
>
> Its seems, no ATA/IDE driver is involved ?!

Probably is using some combination of things like SCSI generic, USB
mass storage, etc.

Re: [gentoo-user] HAL permissions? (k3b sees no device at all)

[Florian Philipp]

[-- Attachment #1: Type: text/plain, Size: 482 bytes --]

Am 15.09.2010 02:06, schrieb meino.cramer@gmx.de:
> Hi,
> 
>  while installing my 64bit Gentoo on base on the configuration
>  of 32bit system I came across the problem, that k3b did not
>  see any devices.
> 
[...]

There is a "cdrw" group in /etc/group. Try to add your user to that
group. You might also try the cdrom, disk and plugdev group.

After changing your groups, you have to log out and back in to apply the
changes.

Hope this helps,
Florian Philipp


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]