[OpenIndiana-discuss] Xorg missing privileges

Predrag Zecevic - Unix Systems Administrator predrag.zecevic at 2e-systems.com
Mon Oct 26 08:28:18 UTC 2020 

On 10/24/20 04:43, Gary Mills wrote:
> On Fri, Oct 23, 2020 at 11:37:02AM +0200, Predrag Zecevic - Unix Systems Administrator wrote:
>>
>> This is pretty annoying: Xorg fills in syslog with messages like:
>>
>> [2020-10-23 10:15:03] solarix genunix: [ID 864859 kern.notice] NOTICE:
>> Xorg[1075]: missing privilege "sys_devices" (euid = 2903, syscall = 54)
>> needed at drv_priv+0x1d#012
> 
> I don't get those messages, either in /var/adm/messages or
> /var/log/syslog .  What are you doing that I'm not?
I have set this in /etc/system (can be done from mdb as well):
* Privileges debug: man privileges
set priv_debug = 1

> 
>> euid is my UID:
>> :; id
>> uid=2903(predrag_zecevic) gid=1961(admin) groups=1961(admin),1962(vboxuser)
> 
> The parent process of Xorg is lightdm .  It runs as root, but Xorg
> runs as the console user.  That will be you.  You may need to grant
> yourself more privileges.
If I do this:
:; pfexec ppriv -s +file_dac_search $(pgrep Xorg)
:; pfexec ppriv -s +sys_devices $(pgrep Xorg)
:; pfexec ppriv -s +proc_owner $(pgrep Xorg)
:; pfexec ppriv -s +file_dac_read $(pgrep Xorg)

Everything is fine (syslog flood stops), but that does not survive reboot.
> 
>> For today only:
>>
>> :; grep -E "2020-10-23.*Xorg.*missing privilege" /var/adm/messages | awk
>> '{printf("%s\n", $12)}' | sort | uniq -c | sort -rn
>>    75750 "sys_devices"
>>      173 "file_dac_search"
>>        4 "proc_owner"
>>        2 "file_dac_read"
>>
>> What has to be added to /etc/security/exec_attr.d/SOME_FILE to prevent this?
> 
> It's possible that nobody on this mailing list understands illumos
> privileges.  Maybe try an illumos mailing list.
> 
> 
Thanks anyway.

-- 
Predrag Zečević
Technical Support Analyst
2e Systems GmbH

tel: +49 - 6196 - 95058 - 15
mob: +49 - 174 - 3109288
fax: +49 - 6196 - 95058 - 94
e-mail: predrag.zecevic at 2e-systems.com

headquarter: 2e Systems GmbH, Koenigsteiner Str. 87, 65812 Bad Soden am 
Taunus, Germany
registration: Amtsgericht Koenigstein (Germany), HRB 7303
managing director: Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

More information about the openindiana-discuss mailing list