Bug 221545 - DRI initialized, but 660 only allows root
DRI initialized, but 660 only allows root
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: xorg-x11-server (Show other bugs)
6
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Adam Jackson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-04 19:32 EST by sean
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-29 14:50:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description sean 2007-01-04 19:32:25 EST
Description of problem:
login as user, then startx.
When X starts up it initializes DRI.
It sets /dev/dri permissions:

drwxr-xr-x 2 root   root          60 Jan  4 19:16 dri

and it sets /dev/dri/card0:

crw-rw---- 1 root root 226, 0 Jan  4 19:16 card0

which means that GL won't work for user:

$  glxinfo
libGL error: open DRM failed (Operation not permitted)
libGL error: reverting to (slow) indirect rendering
name of display: :0.0
display: :0  screen: 0
direct rendering: No
server glx vendor string: SGI
server glx version string: 1.2
.....................

chmod 666 card0  fixes it.

libGL warning: 3D driver claims to not support visual 0x5b
name of display: :0.0
display: :0  screen: 0
direct rendering: Yes
server glx vendor string: SGI
server glx version string: 1.2
server glx extensions:
........................
client glx vendor string: SGI
client glx version string: 1.4
client glx extensions:
..........................
GLX version: 1.2
GLX extensions:
.................
OpenGL vendor string: Tungsten Graphics, Inc
OpenGL renderer string: Mesa DRI Intel(R) 945G 20050225
OpenGL version string: 1.3 Mesa 6.5.1
..........................

Version-Release number of selected component (if applicable):
xorg-x11-server-Xorg-1.1.1-47.2.fc6.x86_64

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 sean 2007-01-07 13:10:16 EST
I've realized that I can add a dri stanza to xorg.conf to set the permissions to
666.

This machine was set up bare on fc6. Shouldn't 666 be the default? If there's
some secuirty issue ( ?? ) , at least 664. Otherwise standard users ( and I
consider myself to be reasonably knowledgable ) can't efectively run video apps.
I don't think it's reasonable to have users hand-editing xorg.conf ( if they
figure it out ).
Comment 2 Adam Jackson 2007-01-29 14:50:04 EST
There's no security issue here, afaik.  Regardless of the device permissions,
you can only talk to the DRM device if the X server lets you.

Fixed in rawhide, thanks!

Note You need to log in before you can comment on or make changes to this bug.