[OpenIndiana-discuss] JDS: USB automount problem

Predrag Zecevic [Unix Systems Administrator] predrag.zecevic at 2e-systems.com
Fri Nov 29 15:33:48 UTC 2013


Hi Jim,

I have added 'Solarix' as profile to my user record in /etc/user_attr 
file...

Your idea looks OK:

$ pfexec svcprop -p start/privileges hal
svcprop: Couldn't find property `start/privileges' for instance 
`svc:/system/hal:default'.

Let me try:
$ pfexec svccfg -s hal setprop start/privileges = astring: basic,sys_mount
$ pfexec svcadm refresh hal
$ pfexec svcadm restart hal

$ pfexec svcprop -p start/privileges hal
basic,sys_mount


But, after USB has beene inserted:
---8<------</var/adm/messages>---
Nov 29 16:23:20 solarix usba: [ID 912658 kern.info] USB 2.0 device 
(usb1307,165) operating at hi speed (USB 2.x) on USB 2.0 root hub: 
storage at 4, scsa2usb0 at bus address 2
Nov 29 16:23:20 solarix usba: [ID 349649 kern.info]     USBest 
Technology  Mass Storage Device 000000000003EA
Nov 29 16:23:20 solarix genunix: [ID 936769 kern.info] scsa2usb0 is 
/pci at 0,0/pci1028,23d at 1d,7/storage at 4
Nov 29 16:23:20 solarix genunix: [ID 408114 kern.info] 
/pci at 0,0/pci1028,23d at 1d,7/storage at 4 (scsa2usb0) online
Nov 29 16:23:20 solarix scsi: [ID 583861 kern.info] sd0 at scsa2usb0: 
target 0 lun 0
Nov 29 16:23:20 solarix genunix: [ID 936769 kern.info] sd0 is 
/pci at 0,0/pci1028,23d at 1d,7/storage at 4/disk at 0,0
Nov 29 16:23:20 solarix genunix: [ID 408114 kern.info] 
/pci at 0,0/pci1028,23d at 1d,7/storage at 4/disk at 0,0 (sd0) online
Nov 29 16:23:20 solarix unix: [ID 954099 kern.info] NOTICE: IRQ19 is 
being shared by drivers with different interrupt levels.
Nov 29 16:23:20 solarix This may result in reduced system performance.
Nov 29 16:23:20 solarix unix: [ID 954099 kern.info] NOTICE: IRQ19 is 
being shared by drivers with different interrupt levels.
Nov 29 16:23:20 solarix This may result in reduced system performance.
Nov 29 16:23:48 solarix last message repeated 5 times
Nov 29 16:23:52 solarix genunix: [ID 864859 kern.notice] NOTICE: 
dbus-daemon[1923]: missing privilege "proc_audit" (euid = 1961, syscall 
= 186) needed at secpolicy_audit_getattr+0x4c
Nov 29 16:23:53 solarix last message repeated 2 times
Nov 29 16:23:53 solarix genunix: [ID 864859 kern.notice] NOTICE: 
dbus-daemon[1923]: missing privilege "proc_audit" (euid = 1961, syscall 
= 186) needed at secpolicy_audit_getattr+0x4c
Nov 29 16:23:53 solarix last message repeated 2 times
Nov 29 16:23:53 solarix genunix: [ID 864859 kern.notice] NOTICE: 
gvfsd-computer[2719]: missing privilege "proc_audit" (euid = 1961, 
syscall = 186) needed at secpolicy_audit_getattr+0x4c
---8<---

i have another set of missing privileges and programs.
It looks to me, this approach will lead to solution...

Now:
$ pfexec svcs -p svc:/system/dbus:default
STATE          STIME    FMRI
online         13:01:32 svc:/system/dbus:default
                13:01:32      290 dbus-daemon

### This ALSO need some start/privileges ?

$ pfexec svcprop -p start/privileges svc:/system/dbus:default
svcprop: Couldn't find property `start/privileges' for instance 
`svc:/system/dbus:default'.

And for gvfsd-computer I am not sure what to do:
$ pkg search gvfsd-computer
INDEX      ACTION VALUE                  PACKAGE
basename   file   usr/lib/gvfsd-computer 
pkg:/library/gnome/gvfs at 0.5.11-0.151.1.8

It could be that gdm is starting it?
$ pfexec svcs -p gdm
STATE          STIME    FMRI
online         13:02:06 svc:/application/graphical-login/gdm:default
                13:02:06     1540 gdm-binary

$ svcprop -p start/privileges gdm
svcprop: Couldn't find property `start/privileges' for instance 
`svc:/application/graphical-login/gdm:default'.

So, may i AT ALL use similar logic here?

Regards.


On 11/29/13 16:14, Jim Klimov wrote:
> See below
>
> On 2013-11-29 15:46, Predrag Zecevic [Unix Systems Administrator] wrote:
>> Hi,
>>
>> I cannot mount USB devices anymore in my /hipster installation (I mean
>> automatically mount withing JDS/GNOME).
>  > ...
>> Nov 29 15:04:00 solarix genunix: [ID 864859 kern.notice] NOTICE:
>> hald-addon-stora[2482]: missing privilege "sys_mount" (euid = 0, syscall
>> = 255) needed at secpolicy_fs_owner+0x2e
>>
>> It looks like hald-addon-storage has some privilege problems, so I have
>> added it (Profile is called 'Solarix' and I am trying to get collected
>> there all missing privileges - plenty of them). But for now, I would
>> like to focus on this one:
>> /etc/security/exec_attr:Solarix:solaris:cmd:::/usr/lib/hal/hald-addon-storage:privs=sys_mount
>>
>>
>>
>> What else I have to check/change 0 what I am missing?
>
> How do you then reference the "Solarix" profile?
>
> I'd say that you need to look into the "hal" service definition:
> root at openindiana:~# ps -ef | grep hal
>      root   359   297   0   Nov 27 ?           0:12
> /usr/lib/hal/hald-addon-acpi
>      root   397   297   0   Nov 27 ?           0:00
> /usr/lib/hal/hald-addon-storage
>      root   297   290   0   Nov 27 ?           0:00 hald-runner
>      root   344   297   0   Nov 27 ?           0:00
> /usr/lib/hal/hald-addon-network-discovery
>      root   346   297   0   Nov 27 ?           0:00
> /usr/lib/hal/hald-addon-cpufreq
>      root   290     1   0   Nov 27 ?           0:08 /usr/lib/hal/hald
> --daemon=yes
>
> root at openindiana:~# svcs -p hal
> STATE          STIME    FMRI
> online         Nov_27   svc:/system/hal:default
>                 Nov_27        290 hald
>                 Nov_27        297 hald-runner
>                 Nov_27        344 hald-addon-netw
>                 Nov_27        346 hald-addon-cpuf
>                 Nov_27        359 hald-addon-acpi
>                 Nov_27        397 hald-addon-stor
>
> Here we see that hald-addon-storage is spawned by hald-runner by hald,
> and they all are part of the "hal" SMF service. You might need to add
> the privileges involved to the startup method as part of its context,
> i.e.
>
> svccfg -s hal setprop start/privileges = astring: basic,sys_mount
> svcadm refresh hal
> svcadm restart hal
>
> Would this help?
> HTH,
> //Jim
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>

-- 
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zecevic at 2e-systems.com

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                       65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
You could live a better life, if you had a better mind and a better body.



More information about the OpenIndiana-discuss mailing list