[OpenIndiana-discuss] UPDATE: Xorg missing privileges

Predrag Zecevic - Unix Systems Administrator predrag.zecevic at 2e-systems.com
Fri Oct 23 09:48:12 UTC 2020 

On 10/23/20 11:37, Predrag Zecevic - Unix Systems Administrator wrote:
> Hi all,
> 
> This is pretty annoying: Xorg fills in syslog with messages like:
> 
> [2020-10-23 10:15:03] solarix genunix: [ID 864859 kern.notice] NOTICE: 
> Xorg[1075]: missing privilege "sys_devices" (euid = 2903, syscall = 54) 
> needed at drv_priv+0x1d#012
> 
> euid is my UID:
> :; id
> uid=2903(predrag_zecevic) gid=1961(admin) groups=1961(admin),1962(vboxuser)
> 
> For today only:
> 
> :; grep -E "2020-10-23.*Xorg.*missing privilege" /var/adm/messages | awk 
> '{printf("%s\n", $12)}' | sort | uniq -c | sort -rn
>    75750 "sys_devices"
>      173 "file_dac_search"
>        4 "proc_owner"
>        2 "file_dac_read"
> 
> What has to be added to /etc/security/exec_attr.d/SOME_FILE to prevent 
> this?
> 
> Any suggestion?
> Thanks in advance
> 
> Regards.
> 
> 

I have tried this:
:; ppriv -S $(pgrep Xorg)
1075:   /usr/bin/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 
-nolisten
flags = <none>
         E: basic
         I: basic
         P: all
         L: all

Changed:
:; pfexec ppriv -s +file_dac_search $(pgrep Xorg)
:; pfexec ppriv -s +sys_devices $(pgrep Xorg)
:; pfexec ppriv -s +proc_owner $(pgrep Xorg)
:; pfexec ppriv -s +file_dac_read $(pgrep Xorg)

Checked:
:; ppriv -S $(pgrep Xorg)
1075:   /usr/bin/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 
-nolisten
flags = <none>
         E: basic,file_dac_read,file_dac_search,proc_owner,sys_devices
         I: basic,file_dac_read,file_dac_search,proc_owner,sys_devices
         P: all
         L: all

And errors written to syslog has stopped. What is still annoying, this 
does not survive reboot, so question is still there: what to put to 
/etc/security/exec_attr.d/SOME_FILE to handle it permanently?

Regards.

-- 
Predrag Zečević
Technical Support Analyst
2e Systems GmbH

tel: +49 - 6196 - 95058 - 15
mob: +49 - 174 - 3109288
fax: +49 - 6196 - 95058 - 94
e-mail: predrag.zecevic at 2e-systems.com

headquarter: 2e Systems GmbH, Koenigsteiner Str. 87, 65812 Bad Soden am 
Taunus, Germany
registration: Amtsgericht Koenigstein (Germany), HRB 7303
managing director: Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

More information about the openindiana-discuss mailing list