Bug 140734
| Field | Value |
|---|---|
| Summary | no read permission for /dev/nvram |
| Product | [Fedora] Fedora |
| Component | initscripts |
| Version | 3 |
| Hardware | i386 |
| OS | Linux |
| Status | CLOSED CURRENTRELEASE |
| Severity | medium |
| Priority | medium |
| Reporter | petrosyan |
| Assignee | Bill Nottingham <notting> |
| CC | davej, rvokal |
| Doc Type | Bug Fix |
| Last Closed | 2005-02-10 14:33:41 UTC |

Description
petrosyan
2004-11-24 15:54:22 UTC
put nvram in /etc/security/console.perms

$ rpm -qf /etc/security/console.perms
pam-0.77-65

This isn't a good idea as it means that the ownership of the /dev/nvram would be changed to console user and it would mean that the console user could overwrite its contents -> changing CMOS setup settings. Maybe it would be better to change its initial permissions in udev.permissions to 644 to allow to read it by all.

I am not sure, if I want to set it readable by all.. let's ask on the mailing lists for opinions, concerns..

Any updates on this yet? What is the best way to have /dev/nvram available? Do I still need to provide /etc/udev/devices/nvram? The problem with tpb is that it needs /dev/nvram (by default), even when the nvram module is not loaded. Is it better to load the nvram module on boot and how can this be arranged?

yes, the module should be loaded by kmodules, if it does not harm...

It's not something that can be successfully probed at all. Any reason it's not built static?

none that I know of other than the usual 'bloat when not used by 99% of the population'.

True, but automatically loading it on bootup doesn't help that either. :/

nvram module gets loaded automatically when tpb accesses /dev/nvram. The problem is that it has no read permissions.

The nvram mod does *not* get loaded automatically. I've tried. Putting "alias char-major-10-144 nvram" in modprobe.conf doesn't help the issue. I ended up throwing a script together in "/etc/dev.d/nvram" called perm.dev that executes when nvram is loaded. Since it's just my laptop, I just did 666. (Course, who wants nvram on a multi-user sys anyway, eh?) The other thing is to throw in other="nvram" inside of rc.sysinit around line 151 to get it loaded on boot. (Maybe things like this are a good case for packages that configure the system for particular uses and/or particular laptops.)

Note that there is /etc/rc.modules for loading of other modules at startup. I suppose there could be an /etc/sysconfig/modules instead.

Comment associated with rc.modules:
# Load modules (for backward compatibility with VARs)
So, probably not to be used for forward-looking changes. I like the idea of /etc/sysconfig/modules. I think loading these types of modules via a config file external to the rc scripts is better--although, it creates yet-another-file-to-load-at-boot. As for the permissions problem, could a SELinux targeted policy be whipped together that would allow write access for tpb, KMilo, et al whilst denying for other processes?

this bug has been fixed in tpb-0.6.3-2 from Fedora Extras
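
An added example, not part of the bug thread or of any Fedora package: a shell check that classifies a device node's mode and owner along the lines the comments weigh up (ownership handed to a non-root user via console.perms, 644, 666). The function names `classify_node` and `audit_node` are hypothetical, and `audit_node` assumes GNU `stat`.

```sh
#!/bin/sh
# classify_node MODE OWNER
#   MODE  octal permission string as printed by `stat -c %a` (e.g. 600, 644, 666)
#   OWNER owning user name
# Prints one of:
#   non-root-writable  an unprivileged account can rewrite NVRAM/CMOS contents
#   world-readable     anyone can read it, nobody but root can write it
#   restricted         no unprivileged write and no world read
classify_node() {
    mode=$1
    owner=$2
    # Left-pad, then keep the last three octal digits (drops any setuid/sticky digit).
    perm=$(printf '%s' "000$mode" | sed 's/.*\(...\)$/\1/')
    u=$(printf '%s' "$perm" | cut -c1)
    g=$(printf '%s' "$perm" | cut -c2)
    o=$(printf '%s' "$perm" | cut -c3)
    # Write bit (2) set for group or other: the 666 case from the thread.
    if [ $(( $g & 2 )) -ne 0 ] || [ $(( $o & 2 )) -ne 0 ]; then
        echo non-root-writable; return 0
    fi
    # Owner write bit with a non-root owner: the console.perms case.
    if [ "$owner" != root ] && [ $(( $u & 2 )) -ne 0 ]; then
        echo non-root-writable; return 0
    fi
    # Read bit (4) set for other: the 644 case.
    if [ $(( $o & 4 )) -ne 0 ]; then
        echo world-readable; return 0
    fi
    echo restricted
}

# audit_node PATH: report the live state of a node, or that it is absent.
audit_node() {
    node=$1
    if [ ! -e "$node" ]; then
        echo "$node: absent (module not loaded or node not created)"
        return 0
    fi
    set -- $(stat -c '%a %U' "$node")   # GNU stat: octal mode, owner name
    echo "$node: mode=$1 owner=$2 -> $(classify_node "$1" "$2")"
}

audit_node "${1:-/dev/nvram}"
```
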