Bernd Juraschek wrote: >> I don't know much about linux capabilities, but my feeling is, that they >> are meant for things not represented by devices (which use the simpler >> file-permissions model). > > On my system /dev/console has r/w access for anyone but this is not > sufficient. Damn. so much about file-permissions in /dev. :-( > I take a look into the kernel sources and there a two ways > to get the right to modify terminals with ioctl(): > > - the modified terminal is the controlling terminal for the process or This is reflected by vdr's --terminal option. Are you sure, that you must ioctl /dev/CONSOLE or is any other tty sufficient, must it be a foreground tty or can it be a virtual screen not currently active, a pseudo tty (of screen, sshd, KDE-konsole)? In the case, all that works, I suggest adding a note to your documentation that the user MUST specify the --terminal option of vdr and us stdin/stdout/stderr as file-descriptors for the ioctl. > - the user has the capability to modify terminal settings > The Plugins are loaded long AFTER droping root rights, so I guess there is no safe way for a plugin to request additional permissions/capabilities. Maybe you can ask Klaus to also keep the terminal setting caps, or provide a small patch witch allows the user to do so when compiling vdr (or both ;-) ). So long, -- Patrick Cernko | mailto:errror@xxxxxxxxxx | http://www.errror.org "Wer HTML postet oder gepostetes HTML quotet oder sich gepostetes oder gequotetes HTML beschafft, um es in Verkehr zu bringen, wird geplonkt." (anonym) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://www.linuxtv.org/pipermail/vdr/attachments/20070218/a73c0e5c/signature.pgp
