[BRLTTY] BRLTTY, systemd and unprivileged user

John Covici covici at ccs.covici.com
Sat Aug 22 06:15:25 EDT 2020


Hi.  I had this problem of starting and stopping of brltty and it only
happened when the actual braille driver initialization failed.  Since
I have no brltty user and don't want one, brltty happily runs as root
with the argument -p /run/brltty.pid.  It seems to be started by a
generated systemd unit in the /run/systemd/units directory.  It never
tries to mount /var/run or anything like that -- anyway on my system,
/var/run is just a symlink to /run.

I hope this helps you.

On Sat, 22 Aug 2020 01:57:33 -0400,
Aura Kelloniemi wrote:
> 
> Hello
> 
> I have tried to run BRLTTY using its current systemd units (from git head).
> These are the issues I'm facing:
> 
> BRLTTY changes to user brltty:brltty, but for some reason the capability
> assignments don't work and the process is non-functional. I have not found a
> way to prevent BRLTTY from changing the user without deleting the user or
> passing --with-privilege-parameters to configure. I would like to have a way to
> disable the UID change, something like --privilege-parameters=lx:user= on
> BRLTTY command line.
> 
> When I manage to run BRLTTY as root, it changes to the directory
> /var/run/brltty and tries to create device nodes there. However, /var/run is
> mounted with nodev flag by systemd, because of security reasons. As a result,
> BRLTTY does not have access to screen contents (or any other devices). I fixed
> this temporarily by setting writable-directory to /root/brltty-runtime/ in brltty.conf.
> 
> When I attach my display using USB, a new BRLTTY process is started, but
> because it cannot access the screen contents, it is stopped again, and
> restarted. This process of starting and stopping loops endlessly. For some
> reason the writable-directory option that I configured in brltty.conf does not
> seem to take effect. Also it is not possible to disable executing these units,
> nor can they be stopped manually with systemctl.
> 
> systemd complains that brltty@.service depends on systemd-udev-settle.service
> which is deprecated, and should no longer be used.
> 
> This is a bit of a vague bug report, but I can try to give out more information as
> needed. However, it is a bit difficult to debug this issue, because it is
> BRLTTY startup that fails, and because I cannot run BRLTTY in a virtualized
> container. I'm also not an expert when it comes to capabilities or systemd.
> 
> My systemd version is 246 (246.2-2-arch)
> Build features: +PAM +AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN
> +PCRE2 default-hierarchy=hybrid
> 
> -- 
> Aura

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do you spend it?

         John Covici wb2una
         covici at ccs.covici.com
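
The quoted report attributes the missing device access to /var/run being mounted nodev. The following is an added example, not code from this thread or from the BRLTTY project: it checks whether the mount holding a candidate writable directory carries nodev. The mount table is a constructed sample and the function names are hypothetical.

```python
import os
import re

# Constructed sample of /proc/self/mountinfo lines (not taken from the thread).
SAMPLE_MOUNTINFO = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
23 22 0:21 / /run rw,nosuid,nodev shared:2 - tmpfs run rw,mode=755
24 22 0:5 / /dev rw,nosuid shared:3 - devtmpfs dev rw
25 22 8:3 / /root rw,relatime shared:4 - ext4 /dev/sda3 rw
"""

def _unescape(field):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return a list of (mount_point, set_of_per_mount_options)."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or "-" not in fields:
            continue  # skip blank or malformed lines
        mounts.append((_unescape(fields[4]), set(fields[5].split(","))))
    return mounts

def mount_for(path, mounts):
    """Pick the mount holding `path`: longest mount-point prefix, latest wins."""
    best = None
    for point, opts in mounts:
        prefix = point.rstrip("/") + "/"
        if path == point or path.startswith(prefix):
            if best is None or len(point) >= len(best[0]):
                best = (point, opts)
    return best

def device_nodes_usable(path, mounts):
    """False when the filesystem holding `path` is mounted nodev."""
    found = mount_for(path, mounts)
    if found is None:
        raise ValueError("no mount found for " + path)
    return "nodev" not in found[1]

if __name__ == "__main__":
    # Resolve symlinks first: /var/run is often just a symlink to /run.
    target = os.path.realpath("/var/run/brltty")
    with open("/proc/self/mountinfo") as fh:
        live = parse_mountinfo(fh.read())
    print(target, "usable" if device_nodes_usable(target, live) else "nodev")
```

Device nodes created on a nodev mount exist but cannot be opened as devices, so the check is run against the resolved path of whatever directory writable-directory points to.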

