Hello,
I'm currently experimenting with OpenPGP smartcards. For those, I
need sys-apps/pcsc-lite, which features a daemon (pcscd). This daemon
has its own user and doesn't run with root permissions. However, it
needs to access some files in /sys which are only accessible by root
due to GRKERNSEC_SYSFS_RESTRICT.
I went with the following solution:

    chown root:pcscd /usr/sbin/pcscd
    chmod 0710 /usr/sbin/pcscd
    filecap /usr/sbin/pcscd dac_read_search

Should I just propose to the maintainer to add this to the ebuild
(conditional on a "hardened" USE flag), or would another course of
action be preferred?
Regards,
Luis Ressel
--
Luis Ressel <aranea@aixah.de>
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
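
An added example, not part of the original message: a POSIX shell check that the three commands above left the binary root-owned, runnable only by the pcscd group, and carrying exactly one file capability (anyone who can execute the file gets a process holding it). The function name check_capbin and the sample strings are constructed for illustration; getcap prints the capability with a cap_ prefix.

```shell
#!/bin/sh
# Added example. Inputs are strings so the check runs without root.
# On a live system:  stat -c '%U %G %a' FILE   and   getcap FILE

# check_capbin OWNER GROUP MODE GETCAP_LINE WANT_GROUP WANT_CAP
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_capbin() {
    owner=$1; group=$2; mode=$3; capline=$4; want_group=$5; want_cap=$6
    rc=0

    [ "$owner" = root ] || { echo "owner is $owner, expected root"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "group is $group, expected $want_group"; rc=1; }

    # Last octal digit is "other", the one before it is "group".
    rest=${mode%?}
    other=${mode#"$rest"}
    grp=${rest#"${rest%?}"}
    [ "$other" = 0 ] ||
        { echo "mode $mode: users outside $want_group can read or run it"; rc=1; }
    case $grp in
        2|3|6|7) echo "mode $mode: group can write the binary"; rc=1 ;;
    esac

    # getcap prints "PATH = caps+ep" (older libcap) or "PATH caps=ep" (newer).
    caps=${capline#* }      # drop the path (assumes no spaces in it)
    caps=${caps#= }         # drop the old-style "= "
    case $caps in
        *' '*) echo "multi-clause capability set: $caps"; rc=1 ;;
    esac
    names=${caps%%[+=]*}    # capability names without the +ep / =ep flags
    [ "$names" = "$want_cap" ] ||
        { echo "capabilities are '${names:-none}', expected $want_cap"; rc=1; }

    return $rc
}

# Constructed sample values (not taken from a real system): a world-executable
# binary with no file capability produces three findings.
check_capbin root root 755 '' pcscd cap_dac_read_search || true
```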