X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail-la0-f44.google.com (mail-la0-f44.google.com [209.85.215.44]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id EAA08DC01C6 for ; Sat, 19 Jul 2014 12:38:09 +0000 (UTC) Received: by mail-la0-f44.google.com with SMTP id e16so3621029lan.17 for ; Sat, 19 Jul 2014 05:38:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; bh=j6m0Rm53+Lo2JWS96gSs8rnSYEAYHkOrhndwm/JTzGA=; b=tdGRIBkPx/49YfpInN6HCku/clTtdi2PMho90WYD9na4XfIREYXruXeGubO0YPsTnQ 168hydAxXF/zqoIV+KzqfVDO3KNEaKh6nC/aBuUd30Sw8EwWuGpJfMWeLxEjhnCyg+Tl 0puIvVTbyjkDYywL+/1Kxf3z+kII9k4KozGSSRoG3xIZarGt+l9hq3tiIUMt05Re6Wcy cv8AuXZfajzuJU9DCo2XNeK9TtInocIurxoj5kQSACd+Zkicy4ElbXyYviCtw3SjwLuw NlqIa3QEIQXwSbWy3MWG/MWCiLTQeuQmmGvvgruZOaQ5CWQ1UaBWgA4ZTz92aqrLhFop A0MA== X-Received: by 10.112.138.201 with SMTP id qs9mr11161468lbb.24.1405773486938; Sat, 19 Jul 2014 05:38:06 -0700 (PDT) Received: from vostro (mail.fi.jw.org. [83.145.235.193]) by mx.google.com with ESMTPSA id t7sm6684196lat.16.2014.07.19.05.38.06 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 19 Jul 2014 05:38:06 -0700 (PDT) Sender: =?UTF-8?Q?Timo_Ter=C3=A4s?= Date: Sat, 19 Jul 2014 15:38:04 +0300 From: Timo Teras To: Paul Onyschuk Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] Firefox not starting for normal user after Xorg update Message-ID: <20140719153804.0fea8fde@vostro> In-Reply-To: <20140719140541.dfcee7a97457e56d133c91bc@bojary.koba.pl> References: <20140719121811.b5989b5aa59ffcac0a40333b@bojary.koba.pl> <20140719143135.53ab1d17@vostro> <20140719140541.dfcee7a97457e56d133c91bc@bojary.koba.pl> X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.23; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Sat, 19 Jul 2014 14:05:41 +0200 Paul Onyschuk wrote: > On Sat, 19 Jul 2014 14:31:35 +0300 > Timo Teras wrote: > > > I bumped into this exact same issue just yesterday. It seems to be > > grsec preventing access to /sys (by modifying the default > > permissions). And apparently the new i915 module wants to open stuff > > there. Not sure if we should patch grsec, the driver, or somehow > > adjust the /sys permissions. Should probably ask from grsec people > > what to do. > > Looking at source code of xf86-video-intel [1] functions accessing > sysfs are guarded by #ifdef __linux__ in intel_device.c (for other > system lacking sysfs e.g. *BSD). Otherwise this happens: I think that code runs only in X server? The code running as library is likely part of Mesa, which likely calls libudev. Though, I did not bother to check which is the exact place for doing the /sys stuff. I just posted the strace. See: https://forums.grsecurity.net/viewtopic.php?f=3&t=4012 And yes, the problem seems to affect GL enabled X-stuff, e.g. same issue happens video players (vlc, mpv) but only when they are using gl output module. /Timo --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---