Bug 179862
Summary: | cdrecord fails as a user: Cannot send SCSI cmd via ioctl | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Nielsen <gnomeuser> | ||||||
Component: | kernel | Assignee: | Dave Jones <davej> | ||||||
Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | rawhide | CC: | ch.nolte, dgunchev, djuran, drago01, dwlegg, gbcox, gemi, gnugv_maintainer, grejigl-gnomeprevod, havardw, herrold, jim, jrb, k.georgiou, lam, mail, marco.matt, mishu, mkpai, nicolas.mailhot, paule, peter, pfrields, sundaram, tmraz, wtogami | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | i386 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2006-09-05 21:36:51 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 175429 | ||||||||
Attachments: |
|
Description
David Nielsen
2006-02-06 09:48:05 UTC
I thought I already fixed this bug... do you use the latest rawhide version of cdrecord??? Rawhide, updated as of 06 Feb. 2006 rpm -q cdrecord cdrecord-2.01.01.0.a03-2 What did you try? Burn or blank? DVD or CDR? blanking CD-RW (cdrecord -dev=ATA:1,0,0 -blank=fast) cdrecord: Operation not permitted. Cannot send SCSI cmd via ioctl blanking CD-RW (cdrecord -dev=ATA:1,0,0 -blank=all) cdrecord: Operation not permitted. Cannot send SCSI cmd via ioctl burning .iso to CDR (cdrecord -dev=ATA:1,0,0 -driveropts=burnfree -data anonymos-shmoo.iso) cdrecord: Operation not permitted. Cannot send SCSI cmd via ioctl Trying to burn the FC4 DVD image to a DVD-RW disc with information on it yeilds nautilus-cd-burner response that I should insert a rewritable DVD disc or a DVDR with 2.4gb of space - however this disc contains the FC4 DVD data. From cdrecord in cli blanking and burning works though in this case. Do you really own the device? $ ls -l /dev/hd? Yes I do brw------- 1 david disk 22, 0 6 feb 15:48 /dev/hdc could you please install ltrace and do: $ ltrace cdrecord -dev=ATA:1,0,0 -blank=fast 2>&1 | tee cdrecord-ltrace.txt and attach cdrecord-ltrace.txt Created attachment 124263 [details]
cdrecord ltrace output
hmm.... output of: $ cdrecord -dev=ATA:1,0,0 debug=1000 -blank=fast -VVVVVVVVVVVVVV -vvvvvvvvvv Created attachment 124267 [details]
output cdrecord -dev=ATA:1,0,0 debug=1000 -blank=fast -VVVVVVVVVVVVVV -vvvvvvvvvv
Kernel does not allow the user to send SG_IO commands for Plextor drives. *** Bug 179861 has been marked as a duplicate of this bug. *** unlikely to be fixed by release time, and not blocker material (which is "cant install / can't update" right now). This needs work upstream. The problem iirc is that we can't do the 'allowed safe commands' on a per-device basis right now. This also happens to real SCSI burner (my TEAC CD-R55S). Making image from nautilus' CD/DVD creator (which can't burn it by itself) and using `cdrecord -v image.iso` as root correctly writes to the disk. Thus my try to chmod u+s `which cdrecord`, but then I get: Cdrecord-Clone 2.01.01a03-dvd (i686-pc-linux-gnu) Copyright (C) 1995-2005 JÄÅrg Schilling NOTE: (blah blah) TOC Type: 1 = CD-ROM cdrecord: Resource temporarily unavailable. Cannot get mmap for 4198400 Bytes on /dev/zero. IIRC, setuid bit on cdrecord doesn't work since kernel 2.6.7 or 2.6.9 anyhow, besides it can be considered insecure (what if an evil iso file could crash cdrecord?) so this doesn't bother me. Still, a normal user would just go on and log in to GNOME as root (if it's possible nowadays) to use nautilus-cd-burner/K3b/xcdroast. This situation encourages, or even forces some users to open their systems to all kinds of dangers, so is this really not blocker material? All this work is being put in SELinux and security, but I do su - to backup my data and someone else may even log in as root possibly only to... read files downloaded from the Internet (like isos). I realize in reality the average user won't open the system to attacks (it's not that obvious that root can burn CD-s when I can't), he/she'll just think Fedora 5 can't burn CD's (which is partly right) (last Fedora version I remember being able to use my burner without root was 1 or 2 before some kernel update). Since my burner is the only SCSI device in my system, using external PCI controller, which has separate device driver, can the safe or unsafe commands be allowed per-driver/module for folks like me? Or can cdrecord accept setuid (this would still require some kernel change if the situation hasn't changed since FC2)? While using Fedora Core 4, I had no problem buring CDs onto my Plextor SCSI CD-RW drive as a normal user. After I upgraded to Fedora Core 5, I could no longer burn CDs as a normal user. I have to make CDs as root What changed? I am having the same problem with a Plextor PX-716A and 2.6.16-1.2080_FC5, which worked fine under FC4 after we got past kernel 2.6.9. I assume that this is good old SG_IO issue again. I tried upgrading the firmware on my Plextor to the latest firmware, this has no effect. I also have a Dell latitude D510 (DVD/cdrw), where cdrecord works like a charm for non root users. I do have a work around though for my Plextor. I have installed cdrecord from my FC4 installation onto FC5. The cdrecord erase test can now be ran as a normal user. So what has changed in cdrecord between FC4 and FC5? same problem here: I have to burners installed 1,0,0 100) 'PLEXTOR ' 'DVDR PX-755A ' '1.02' Removable CD-ROM 1,1,0 101) 'LITE-ON ' 'LTR-52246S ' '6S0F' Removable CD-ROM the second one works fine the first one only as root. cdrecord: Operation not permitted. Cannot send SCSI cmd via ioctl downgraded to FC4 cdrecord an it seems to work fine. Compareable here: 1,0,0 100) 'PLEXTOR ' 'CD-R PX-W2410A' '1.04' Removable CD-ROM does not work, while 1,1,0 101) 'TEAC ' 'DV-W50D ' '1.06' Removable CD-ROM works fine. With "cdrtools-2.01.01a07.tar.bz2" from ftp.berlios.de (compiled and made suid root) both are working fine (but of cause no dvd support). Same problem with NEC 3500A. It was working fine just 3 days ago. Current version of cdrdao is cdrdao-1.2.1-1 I tried to burn cue/bin image on blank 700MB write once disk and it gave me same error. I own PLEXTOR PX-W5224A and have same problem with cdrecord and every program using it as backend (nautilus-burner, gnomebaker, ...). While trying to work the problem out I noticed something strange. When cdrecord is using ATA transport it doesn't work when invoked by user, but when ATAPI transport is specified cdrecord works when invoked by user. Here is how that look like: 1. ATA transport [juga@onosendai ~]$ cdrecord dev=ATA:1,0,0 -checkdrive Cdrecord-Clone 2.01.01a03-dvd (i686-pc-linux-gnu) Copyright (C) 1995-2005 Jörg Schilling NOTE: This version contains the OSS DVD extensions for cdrtools and thus may have bugs related to DVD issues that are not present in the original cdrtools. Please send bug reports or support requests to http://bugzilla.redhat.com/bugzilla The original cdrtools author should not be bothered with problems in this version. scsidev: '/dev/hdc' devname: '/dev/hdc' scsibus: -2 target: -2 lun: -2 Linux sg driver version: 3.5.27 Using libscg version 'schily-0.8'. cdrecord: Warning: using inofficial libscg transport code version (schily - Red Hat-scsi-linux-sg.c-1.85-RH '@(#)scsi-linux-sg.c 1.85 05/05/16 Copyright 1997 J. Schilling'). Device type : Removable CD-ROM Version : 0 Response Format: 1 Vendor_info : 'PLEXTOR ' Identifikation : 'CD-R PX-W5224A' Revision : '1.03' Device seems to be: Generic mmc CD-RW. cdrecord: Operation not permitted. Cannot send SCSI cmd via ioctl 2. ATAPI transport [juga@onosendai ~]$ cdrecord dev=ATAPI:0,0,0 -checkdrive Cdrecord-Clone 2.01.01a03-dvd (i686-pc-linux-gnu) Copyright (C) 1995-2005 Jörg Schilling NOTE: This version contains the OSS DVD extensions for cdrtools and thus may have bugs related to DVD issues that are not present in the original cdrtools. Please send bug reports or support requests to http://bugzilla.redhat.com/bugzilla The original cdrtools author should not be bothered with problems in this version. scsidev: 'ATAPI:0,0,0' devname: 'ATAPI' scsibus: 0 target: 0 lun: 0 Use of ATA is preferred over ATAPI. Warning: Using ATA Packet interface. Warning: The related Linux kernel interface code seems to be unmaintained. Warning: There is absolutely NO DMA, operations thus are slow. Using libscg version 'schily-0.8'. Device type : Removable CD-ROM Version : 0 Response Format: 1 Vendor_info : 'PLEXTOR ' Identifikation : 'CD-R PX-W5224A' Revision : '1.03' Device seems to be: Generic mmc CD-RW. Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr). Driver flags : MMC-3 SWABAUDIO BURNFREE Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R Also you can notice the warning sign: Warning: Using ATA Packet interface. Warning: The related Linux kernel interface code seems to be unmaintained. Warning: There is absolutely NO DMA, operations thus are slow. Maybe this will help solving this really irritating problem! I rolled back to the previous version of cdrdao 1.1.9-9 and now I can burn CDs with my SCSI PlexWriter CDRW. The newer version of cdrdao 1.2.1-1 is the one giving the above errors. Jeff Peterson (In reply to comment #22) > I rolled back to the previous version of cdrdao 1.1.9-9 and now I can burn CDs > with my SCSI PlexWriter CDRW. The newer version of cdrdao 1.2.1-1 is the one > giving the above errors. > > Jeff Peterson This is untrue. Rolling cdrdao back has no effect at all on the problem - I'm pretty sure it's a kernel issue. Is there any progress resolving this? Thanks. Whoops, count me among the people nailed by this. I've just moved my homebrew (admittedly overly baroque) music jukebox system from an old RedHat 7.1 system to a spanking new Fedora Core 5 system, and I can no longer import nor burn CDs, because that requires a non-root Java process to be able to operate cdrdao and cdrecord. I hope there is a fix on the horizon! Me too: Plextor 716A What is the difference between cdrecord 2.01.01.0.a03-3 and 2.01.1-9 (the old one) (In reply to comment #25) > Me too: Plextor 716A BTW, in contrast to cdrecord, growisofs works, also with nautilus-cd-burner. However the choice of writing speeds is strange: 31x (the lowest one) 47x 62x 94x 125x These cannot be correct of course. The speed flag is passed on to growisofs, so it probably uses the highest speed available, which is problematic. Same symptoms with a PlexWriter CD-R PX-W4012A on FC5 (fully updated.) Kernel is kernel-2.6.16-1.2122_FC5. I am having trouble burning cds to my plextor cd-r px-w4824a Gnomebaker produces the error messages below, when I try. Thanks in advance. cdrecord: No write mode specified. cdrecord: Asuming -tao mode. cdrecord: Future versions of cdrecord may have different drive dependent defaults. cdrecord: Continuing in 5 seconds... cdrecord: Cannot allocate memory. WARNING: Cannot do mlockall(2). cdrecord: WARNING: This causes a high risk for buffer underruns. cdrecord: Operation not permitted. WARNING: Cannot set RR-scheduler cdrecord: Permission denied. WARNING: Cannot set priority using setpriority(). cdrecord: WARNING: This causes a high risk for buffer underruns. scsidev: '/dev/hdd' devname: '/dev/hdd' scsibus: -2 target: -2 lun: -2 Linux sg driver version: 3.5.27 cdrecord: Warning: using inofficial libscg transport code version (schily - Red Hat-scsi-linux-sg.c-1.85-RH '@(#)scsi-linux-sg.c 1.85 05/05/16 Copyright 1997 J. Schilling'). SCSI buffer size: 64512 cdrecord: Operation not permitted. Cannot send SCSI cmd via ioctl Cdrecord-Clone 2.01.01a03-dvd (i686-pc-linux-gnu) Copyright (C) 1995-2005 Jörg Schilling NOTE: This version contains the OSS DVD extensions for cdrtools and thus may have bugs related to DVD issues that are not present in the original cdrtools. Please send bug reports or support requests to http://bugzilla.redhat.com/bugzilla The original cdrtools author should not be bothered with problems in this version. TOC Type: 3 = CD-ROM XA mode 2 Using libscg version 'schily-0.8'. atapi: 1 Device type : Removable CD-ROM Version : 0 Response Format: 1 Vendor_info : 'PLEXTOR ' Identifikation : 'CD-R PX-W4824A' Revision : '1.01' Device seems to be: Generic mmc CD-RW. Current: 0x0009 Profile: 0x0008 Profile: 0x0009 (current) Profile: 0x000A Just to save other people testing this, I have just re-tested with Kernel 2.6.17-1.2139_FC5 and a Plextor PX-716A. The problem still exists. FC4 cdrecord 2.01-dvd works with Plextor PX-716A FC5 cdrecord 2.01.01a03-dvd - doesn't work looks like I will be using the old FC4 version of cdrecord for a while longer yet ;-) Shipping FC5 with this bug was embarrasing, shipping FC6 with it would be downright shameful - can we get a pledge going to get this fixed? I'll start out with offering 100USD for this to be fixed before FC6 Final as it's holding me back from advocating GNU/Linux to anyone who shelled out for a decent quality burner, not to mention holding me back from burning using any kind of sane approach. I'll also donate any amount of time needed for testing potential fixes. Current kernel 2.6.17-1.2139_FC5 + cdrecord-2.01.01.0.a10-0.FC5.1 from updates-testing still give me the same error for my old TEAC CD-R55S (which isn't decent quality for David, but it does the job) as normal user. But suddenly, chmod u+s /usr/bin/cdrecord made it work! (Current FC5 version gave me the /dev/zero error message). So it's fixed for me in updates-testing for FC5. It seems 5.90 aka 6test1 has the same version onboard. Other users may be scared of suid cdrecord. Can't the "allowed safe commands" be set per-program by selinux? cdrecord won't try to record to hard drives anyhow, right? Running cdrecord suid would not be considered a viable solution I think, maybe something like switching to libburn (and the cdrecord compatible wrapper for that) would work better longterm. For now I think we'll have to wait for DaveJ or a similar guru to actually propose a solution that would work for FC6. the solution for looks simple just downgrade and report it upstream. There is no upstream, read: "The original cdrtools author should not be bothered with problems in this version." But try the version from updates-testing - it's based on new cdrecord, which includes DVD recording without patches, so I guess it's closer to upstream now and partly fixed the issue for me (using suid, but I'm brave). Reassigning to -devel SCSI commands is simply the wrong place to solve the issue. This is a polict issue. What works is a fix with sudo, and in the %post of cdrecord: NONCE=`grep '/usr/bin/cdrecord' /etc/sudoers | awk '{print $1}'` [ "x$NONCE" = "x" ] && \ echo "ALL ALL = NOPASSWD: /usr/bin/cdrecord" >> /etc/sudoers and a Requires: sudo in the .spec file. One could get fancy, and tie it into an active console login only. of course, but if a person has a shell account on a box, any manner of local escalation attacks are present. david -- send the $100 to the FSF please I prefer making it setuid root - not only it doesn't require additional package and doesn't do anything in %post, but can drop privileges as soon as it's possible (and afair it does, or at least tries). Also works from guis with no effort at all. Now we want to make it work without becoming root at all. Right. Sudo is not an option, nor is requiring it to be setuid. I need to be able to run this as a user command because an unprivileged tomcat process needs to be able to operate these commands for my elaborate jukebox system to work properly. They used to work, they need to work again. Don't make me go back to RedHat 7! As mentioned earlier in this bug (comment #32), any solution suid, sudo or similar is not a solution to this problem as it only brings back the security issue we were trying to fix. DaveJ has yet to comment on the solution he would like to see, I would also like everyone here to add to the pledge rather than leaving it at a the 100 USD I can afford to spend, we should all pool together for a solution that is acceptable for inclusion in Fedora Core 6. As mentioned that excludes all manners of running as root, sorry. Time is running out, Test 2 hits soonish and that leaves only precious little time to make this work. Don't let FC ship another release that doesn't burn CDs, it's a regression and it is preventing a lot of users from doing what is to be considered an every day task. we should capture the commands that are required and patch the kernel to allow them; this is somehow a hack but its better than no burning and it would be more secure than sbit (and other root hacks) Does the cdrecord downgrade in the development tree change anything? Based upon a sample of one test to a CDRW - It works! :-) I had actually replaced my Plextor with a different model just so that I could burn some disks. Any how getting back to this thread. I installed FC5 + all updates for 26 Aug on my old test pc. Installed Plextor PX-716 drive, as expected it didn't work as a non root user. Installed glibc + glibc-common + cdrecord-2.01-10 from development. Now normal users can burn CDROMs again (I will test DVD writing later). I can attached cdrecord debug outputs if they are required. This is excellent news and I hope this makes FC6 I can now also confirm that DVD writing also works with cdrecord-2.01-10 Just a quick "me-too". It works for me! Thanks. Ok guys. Judging from the above comments it appears that the downgrade to solve the GPL/CDDL combination mess in later versions of cdrecord appears to fix this problem as a nice side effect just as I thought. We have a ongoing discussion on linux scsi list to solve the general issue but that shouldnt affect users now. Thank you for all the testing and feedback. I am closing this bug now. |