[Fedora-i18n-bugs] [Bug 565710] New: %{_bindir}/fbterm is not working for normal users unless a setcap is done.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: %{_bindir}/fbterm is not working for normal users unless a setcap is done. https://bugzilla.redhat.com/show_bug.cgi?id=565710 Summary: %{_bindir}/fbterm is not working for normal users unless a setcap is done. Product: Fedora Version: rawhide Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: low Component: fbterm AssignedTo: dchen(a)redhat.com ReportedBy: cchance(a)redhat.com QAContact: extras-qa(a)fedoraproject.org CC: dchen(a)redhat.com, fedora-i18n-bugs(a)redhat.com Estimated Hours: 0.0 Classification: Fedora Target Release: --- Description of problem: ibus-fbterm is not working except a setcap is done as follows: "sudo setcap cap_sys_tty_config+ep /path/to/fbterm" I have added this in the %post of ibus-fbterm, but I thought changes in fbterm pkg is more appropriate. Version-Release number of selected component (if applicable): fbterm-1.6-1.fc12.x86_64 How reproducible: Always. Steps to Reproduce: 1. install fbterm 2. install ibus-fbterm (http://kaio.fedorapeople.org/pkgs/ibus-fbterm-0.9.1-5.fc12.src.rpm However, it has setcap in the %post already. 3. execute 'ibus-fbterm-launch' Actual results: ibus-fbterm complained about capability problems. Expected results: ibus-fbterm is started properly. Additional info: `man fbterm` has this section: SECURITY NOTES FbTerm tries to change linux kernel key map table to setup shortcuts, which requires SYS_TTY_CONFIG capability from kernel version 2.6.15. It means FbTerm should be a setuid 0 program to allow non-root users to use shortcuts. FbTerm only switches to root privilege temporarily when changing key map table, we believe it’s pretty much free from security problems. If you really don’t like this and not use VESA support, and have a linux kernel with file system capabilities enabled, which allow user to give binaries a subset of root’s powers without using setuid 0 (official kernel 2.6.27 includes it), you can run command "sudo setcap ’cap_sys_tty_config+ep’ /path/to/fbterm". -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.