First, an interesting fact. Earlier I wrote that I had performed the limited-user 
permissions setup according to the reply in the "How do I let an SDL app (not 
running as root) use the console" 
<https://unix.stackexchange.com/questions/58961/how-do-i-let-an-sdl-app-not-running-as-root-use-the-console> 
StackExchange post. Today I discovered that the rights change on /dev/console 
doesn’t survive a reboot. I changed the rights back and immediately, without 
rebooting, tried the pygame example again. No visible changes, same “Unable to 
open console terminal” error for the limited user.

On Saturday, 8 July 2017 at 6:40:08 UTC+3, Martin Kühne wrote:
>
> > I already changed permissions for the limited user (pi) according to 
> > this instruction: How do I let an SDL app (not running as root) use the 
> > console, but to no avail :( 
>
> I just wanted to suggest you make sure permissions in /dev are 
> granted, but you appear to have arrived at that conclusion yourself. 
> Of course now you have to figure out which device is being opened 
> unsuccessfully. /dev/console only applies to text i/o and not 
> framebuffer and graphics. /dev/fb0 maybe? Maybe use strace instead? 
>
> cheers! 
> mar77i 
>

I tried running under strace and got 2 log files: one from running as root 
and one from running as the limited user (pi). Here is the part that differs:

ssh terminal, run as root:
    open("/dev/tty0", O_WRONLY) = 5
    ioctl(5, VIDIOC_QUERYCAP or VT_OPENQRY, 0x1e5f89c) = 0
    close(5)                = 0
ssh terminal, run as limited user:
    open("/dev/tty0", O_WRONLY) = 5
    ioctl(5, VIDIOC_QUERYCAP or VT_OPENQRY, 0x776e1c) = 0
    close(5)                = 0
Comment:
    Visible match, but I don’t know whether the ioctl output data was the same; 
    looking at subsequent system calls I suppose it wasn’t.
    Frankly speaking, I don’t understand what an ioctl call with 2 OR’ed 
    requests means…
    According to this article <http://www.linuxjournal.com/article/2783> (it’s 
    1994!!! But there is no reason not to believe it…), ioctl VT_OPENQRY is 
    something like “kernel, give me the number of a free terminal I could 
    use”

ssh terminal, run as root:
    geteuid32()             = 0
ssh terminal, run as limited user:
    geteuid32()             = 1000
Comment:
    Mismatch: got the user ID we are running under

ssh terminal, run as root:
    open("/dev/vc/2", O_RDWR) = -1 ENOENT (No such file or directory)
ssh terminal, run as limited user:
    (none)
Comment:
    Mismatch: there was no attempt to open "/dev/vc/2" under the limited user

ssh terminal, run as root:
    open("/dev/tty2", O_RDWR) = 5
ssh terminal, run as limited user:
    (none)
Comment:
    Mismatch: there was no attempt to open "/dev/tty2" under the limited user
    Looking at this and the previous system calls I suppose ioctl VT_OPENQRY 
    returned terminal number 2 for the case when pygame was run as root. For 
    the limited-user case it’s not clear what the result of that ioctl was.

ssh terminal, run as root:
    open("/dev/tty", O_RDWR) = 6
ssh terminal, run as limited user:
    open("/dev/tty", O_RDWR) = 5
Comment:
    Match: opened the current terminal device

ssh terminal, run as root:
    ioctl(6, TIOCNOTTY)     = 0
    close(6)                = 0
ssh terminal, run as limited user:
    (none)
Comment:
    The root version detached itself from the current terminal. As far as I 
    could find using Google, this is what daemon processes started from a 
    terminal usually do.

ssh terminal, run as root:
    (none)
ssh terminal, run as limited user:
    ioctl(5, VT_GETSTATE, 0x7ee7da28) = -1 ENOTTY (Inappropriate ioctl for device)
Comment:
    According to the article mentioned above, the ioctl VT_GETSTATE query is 
    something like “kernel, give me the list of terminals available and their 
    use state”

ssh terminal, run as root:
    ioctl(5, KDGKBMODE, 0x7eaf2078) = 0
ssh terminal, run as limited user:
    ioctl(5, KDGKBMODE, 0x7ee7da28) = -1 ENOTTY (Inappropriate ioctl for device)
Comment:
    “Kernel, give me the keyboard mode associated with this tty”
    The limited-user version ran this request on /dev/tty and the root-user 
    version ran it on /dev/tty2.

ssh terminal, run as root:
    ioctl(5, KDGKBENT, 0x7eaf2078) = 0
ssh terminal, run as limited user:
    close(5)                = 0
    munmap(0x74340000, 3145728) = 0
    close(3)                = 0
    rt_sigaction(SIGINT, NULL, {0x127304, [], SA_RESTORER, 0x76d18180}, 8) = 0
    rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
    write(2, "Traceback (most recent call last"..., 35) = 35
Comment:
    Seems the previous ioctl result was fatal for the limited-user version.

Despite large amount of data from strace, it’s really not clear to me what 
permissions and on what files should I set to allow limited user to run 
pygame from ssh terminal...
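
The side-by-side comparison above can be automated; this is an added example, not part of the original post. It masks pointer arguments and replaces each file descriptor with the path it was opened on, so `ioctl(5, ...)` in the two runs is compared by device rather than by fd number. The split of the quoted strace lines between the root and pi runs is an assumption, and `normalize` and `diff_runs` are hypothetical helper names.

```python
import re
from difflib import SequenceMatcher

# Constructed input: strace lines quoted in the post, split per run (assumed split).
ROOT_LOG = """open("/dev/tty0", O_WRONLY) = 5
ioctl(5, VIDIOC_QUERYCAP or VT_OPENQRY, 0x1e5f89c) = 0
close(5)                = 0
open("/dev/vc/2", O_RDWR) = -1 ENOENT (No such file or directory)
open("/dev/tty2", O_RDWR) = 5
open("/dev/tty", O_RDWR) = 6
ioctl(6, TIOCNOTTY)     = 0
close(6)                = 0
ioctl(5, KDGKBMODE, 0x7eaf2078) = 0
ioctl(5, KDGKBENT, 0x7eaf2078) = 0"""
USER_LOG = """open("/dev/tty0", O_WRONLY) = 5
ioctl(5, VIDIOC_QUERYCAP or VT_OPENQRY, 0x776e1c) = 0
close(5)                = 0
open("/dev/tty", O_RDWR) = 5
ioctl(5, VT_GETSTATE, 0x7ee7da28) = -1 ENOTTY (Inappropriate ioctl for device)
ioctl(5, KDGKBMODE, 0x7ee7da28) = -1 ENOTTY (Inappropriate ioctl for device)
close(5)                = 0"""

CALL = re.compile(r"^(\w+)\((.*)\)[ \t]*=[ \t]*(-?\d+)(?: +(E\w+))?", re.M)

def normalize(log):
    """Return [(call, errno)] with pointers masked and fds shown as the path opened."""
    fds, out = {}, []
    for m in CALL.finditer(log):
        name, args, ret, err = m.groups()
        args = re.sub(r"0x[0-9a-f]+", "PTR", args)
        first = args.split(",")[0].strip()
        if name == "open" and int(ret) >= 0:
            fds[ret] = first.strip('"')           # remember which path this fd is
        elif first in fds:
            args = args.replace(first, f"<{fds[first]}>", 1)
            if name == "close":
                del fds[first]                    # fd number may be reused later
        out.append((f"{name}({args})", err))
    return out

def diff_runs(root_log, user_log):
    """Return (root_only, user_only) calls after normalisation, in log order."""
    a, b = normalize(root_log), normalize(user_log)
    root_only, user_only = [], []
    for tag, i1, i2, j1, j2 in SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
        if tag != "equal":
            root_only += a[i1:i2]
            user_only += b[j1:j2]
    return root_only, user_only
```

On the sample, the only calls unique to the limited-user run are the two ENOTTY ioctls, both resolved to `/dev/tty`, while the root run's keyboard ioctls resolve to `/dev/tty2`.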