[mythtv-users] Re: Suid root, but mythtv complains that it isn't.

Tom Hughes tom at compton.nu
Sun Jan 9 06:06:20 EST 2005


In message <09c3eb254d.tom at loxley.compton.nu>
          Tom Hughes <tom at compton.nu> wrote:

> In message <20041224122635.GB8056 at neu.nirvana>
>           Axel Thimm <Axel.Thimm at ATrpms.net> wrote:
> 
> > On Thu, Dec 23, 2004 at 10:04:41PM +0000, Tom Hughes wrote:
> > > In message <20041223213955.GB25286 at main.templetons.com>
> > >           Brad Templeton <brad+myth at templetons.com> wrote:
> > > 
> > > > I have mythfrontend owned by root and set to run suid.   However,
> > > > when I run it, it reports:
> > > > 
> > > > pthread-setschedparam: Operation not permitted
> > > > Running as SUID root would allow some threads to run with realtime...
> > > 
> > > Same here. I have to actually run it as root to make that message
> > > go away. I assume it must be giving up privileges too early.
> > 
> > what about selinux? Did you try turning it off (selinux=0 in the
> > kernel command line)? If that helps then having mythtv running suid
> > will require writing policies for it. :/
> 
> That does appear to fix it, yes. There were none of the usual selinux
> warnings in the system log though or I would have tried that.

I have no idea why I thought that - turning off selinux definitely
doesn't fix this at all.

The problem appears to be that the kernel now implements setuid
properly so that it changes the UID of the process rather than just
the current thread so it isn't possible to have a privileged thread
anymore.

Basically the whole scheme only worked because threads on linux
are effectively processes at the kernel level and certain system
calls didn't properly take account of that, including setuid.

Tom

-- 
Tom Hughes (tom at compton.nu)
http://www.compton.nu/