videofe must be run as root or it doesn't work
|Status:||Closed||Start date:||16 Dec 2014|
|Category:||04 - Applications|
|Severity:||03 - Medium|
If I make videofe a privileged app it works. If I don't, it fails.
If I run omxplayer from a terminal which has been run as user nobody then it works.
This leads me to believe that the problem is that the wrapping xterm for omxplayer is causing the problem when run as user nobody. The xterm is run as group nobody but the terminal has a supplementary group of root.
It's possible the problem is the xterm wrapper doesn't have a proper path for omxplayer when run as user nobody.
RM #417: Fix permissions and ownership of installed files to match launcher requirements.
RM #417: Fix ownership of /dev/vchiq so omxplayer can access when it's run as the user nobody.
#1 Updated by Hammel over 4 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 50
I ran various tests and finally, after using strace to run omxplayer, I found that the problem was that omxplayer couldn't open /dev/vchiq, which was root.root and 660. If I changed this device to group nobody then omxplayer worked when videofe was run as nobody.nobody.
So now the question is: should I change the group to nobody for vchiq, change the perms to 664 (if that works) or create a completely different user for that device? If changing it to 664 is enough, that would be the best solution. I don't know if I need write access to the device for omxplayer.
If that doesn't work I think just switching to group nobody would be sufficient. That can be done as part of the postinstall for the omxplayer package.
Note: just tried 644 @ root.root and it failed. So the group has to be nobody.
#3 Updated by Hammel over 4 years ago
- Status changed from In Progress to Closed
- % Done changed from 60 to 100
The fix is to change /etc/mdev.conf in the core to include the following line:
vchiq root:nobody 660
I've tested this on the target and it works. Change committed in pibox core and pushed upstream.