On Fri, 2009-11-13 at 14:56 -0600, Brian Cameron wrote: > Note that the Fluendo DVD player requires that your RBAC configuration > is set up properly. You'll notice that the /usr/bin/fluendo-dvd > script runs the actual player with pfexec. For this to work, the > RBAC needs to be configured so that this program has "sys_devices" > privilege to the USCSI interfaces on the system. > > Could you grep for "fluendo-dvd" in /etc/security/exec_attr and tell me > what it says?
Desktop Removable Media User:solaris:cmd:::/usr/share/fluendo-dvd/bin/fluendo-dvd:privs=sys_devices This is evidently added automatically by the fluendo-dvd package's postinstall script. > Note that whatever profile is in the first column needs > to be assigned to the user wanting to play the DVD. Normally this > should get set automatically for whatever user is the "Console User". > > However, note that some recent release of Solaris had some bugs with the > "Console User" not getting set properly for the user logging into > the system. So, if you are using builds 124-125, then you may be > running into this problem. You may need to modify /etc/user_attr to add > the profile directly to your user if you are using one of these broken > builds. Hmm, but the root role has "All" profiles, and pfexec causes fluendo-dvd to run as the root role due to the "roles=root" entry in the OpenSolaris primary user's user_attr line. The fluendo-dvd executable ends up running as root due to this. Just in case, I added "Console User" to my list of profiles in user_attr, but it did not solve this problem. -Seb
