[BRLTTY] BRLTTY, systemd and unprivileged user

Aura Kelloniemi kaura.dev at sange.fi
Sat Aug 22 01:57:33 EDT 2020


Hello

I have tried to run BRLTTY using its current systemd units (from git head).
These are the issues I'm facing:

BRLTTY changes to user brltty:brltty, but for some reason the capability
assignments don't work and the process is non-functional. I have not found a
way to prevent BRLTTY from changing the user without deleting the user or
passing --with-privilege-parameters to configure. I would like to have a way to
disable the UID change, something like --privilege-parameters=lx:user= on
BRLTTY command line.

When I manage to run BRLTTY as root, it changes to the directory
/var/run/brltty and tries to create device nodes there. However, /var/run is
mounted with the nodev flag by systemd, for security reasons. As a result,
BRLTTY does not have access to screen contents (or any other devices). I fixed
this temporarily by setting writable-directory to /root/brltty-runtime/ in brltty.conf.

When I attach my display using USB, a new BRLTTY process is started, but
because it cannot access the screen contents, it is stopped again, and
restarted. This process of starting and stopping loops endlessly. For some
reason the writable-directory option that I configured in brltty.conf does not
seem to take effect. Also it is not possible to disable executing these units,
nor can they be stopped manually with systemctl.

systemd complains that brltty@.service depends on systemd-udev-settle.service
which is deprecated, and should no longer be used.

This is a somewhat vague bug report, but I can try to give out more information as
needed. However, it is a bit difficult to debug this issue, because it is
BRLTTY startup that fails, and because I cannot run BRLTTY in a virtualized
container. I'm also not an expert when it comes to capabilities or systemd.

My systemd version is 246 (246.2-2-arch)
Build features: +PAM +AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN
+PCRE2 default-hierarchy=hybrid

-- 
Aura
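
The two conditions the message describes (a nodev mount under the writable directory, and missing capabilities after the user change) can both be read from /proc. The following Python sketch is an added example, not part of the original post or of BRLTTY; the function names and the sample data are constructed for illustration, and it assumes the path has already been symlink-resolved.

```python
import re

CAP_MKNOD = 27  # bit number from linux/capability.h; needed to create device nodes

def _unescape(field):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mount_for(path, mountinfo):
    """Return (mount_point, options) of the mount that contains `path`.

    `path` must already be resolved with os.path.realpath(), since
    /var/run is usually a symlink to /run.
    """
    best = None
    for line in mountinfo.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        point, opts = _unescape(fields[4]), set(fields[5].split(","))
        inside = path == point or path.startswith(point.rstrip("/") + "/")
        # longest mount point wins; on a tie the later (topmost) mount wins
        if inside and (best is None or len(point) >= len(best[0])):
            best = (point, opts)
    return best

def has_cap(status_text, cap):
    """True if bit `cap` is set in the CapEff line of /proc/PID/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status_text, re.M)
    return bool(m) and bool(int(m.group(1), 16) >> cap & 1)

def device_nodes_usable(path, mountinfo, status_text):
    """Nodes under `path` work only with CAP_MKNOD and a mount without nodev."""
    mount = mount_for(path, mountinfo)
    return (mount is not None and "nodev" not in mount[1]
            and has_cap(status_text, CAP_MKNOD))

# Constructed sample data (not taken from the reporter's system).
SAMPLE_MOUNTINFO = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
25 22 0:23 / /run rw,nosuid,nodev shared:5 - tmpfs run rw,mode=755
"""
SAMPLE_STATUS_ROOT = "Name:\tbrltty\nCapEff:\t000001ffffffffff\n"
SAMPLE_STATUS_NOCAP = "Name:\tbrltty\nCapEff:\t0000000000000000\n"
```

On a live system the inputs would come from /proc/self/mountinfo and /proc/PID/status of the running brltty process.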