Project

General

Profile

Actions

Bug #417

closed

videofe must be run as root or it doesn't work

Added by Hammel about 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Category:
04 - Applications
Target version:
Start date:
16 Dec 2014
Due date:
% Done:

100%

Estimated time:
Severity:
03 - Medium

Description

If I make videofe a privileged app it works. If I don't, it fails.

If I run omxplayer from a terminal which has been run as user nobody then it works.

This leads me to believe that the problem is that the wrapping xterm for omxplayer is causing the problem when run as user nobody. The xterm is run as group nobody but the terminal has a supplementary group of root.

It's possible the problem is the xterm wrapper doesn't have a proper path for omxplayer when run as user nobody.

Actions #1

Updated by Hammel about 10 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 50

I ran various tests and finally, after using strace to run omxplayer, I found that the problem was that omxplayer couldn't open /dev/vchiq, which was root.root and 660. If I changed this device to group nobody then omxplayer worked when videofe was run as nobody.nobody.

So now the question is: should I change the group to nobody for vchiq, change the perms to 664 (if that works) or create a completely different user for that device? If changing it to 664 is enough, that would be the best solution. I don't know if I need write access to the device for omxplayer.

If that doesn't work I think just switching to group nobody would be sufficient. That can be done as part of the postinstall for the omxplayer package.

Note: just tried 644 @ root.root and it failed. So the group has to be nobody.

Actions #2

Updated by Hammel about 10 years ago

  • % Done changed from 50 to 60

I added the device file group change to the postinst script but that isn't sufficient. The /dev/vchiq device is remade on reboots by the kernel. So the init processing has to handle the device change.

Actions #3

Updated by Hammel about 10 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 60 to 100

The fix is to change /etc/mdev.conf in the core to include the following line:

vchiq           root:nobody 660

I've tested this on the target and it works. Change committed in pibox core and pushed upstream.

Closing issue.

Actions

Also available in: Atom PDF