pcsc-lite conflicts with grsec
pcsc-lite is unable to access some usb related files under
/sys/devices/pci0…
this is due to GRKERNSEC_SYSFS_RESTRICT. To circumvent this issue:
apk add libcap-ng-utils
chown root:pcscd /usr/sbin/pcscd
chmod 0710 /usr/sbin/pcscd
filecap /usr/sbin/pcscd dac_read_search
and comment out
start_stop_daemon_args=“—user pcscd:pcscd”
in /etc/init.d/pcscd
however this is not needed for non-grsec kernels, should there be a pcscd-grsec apk which only differs in the post-install script? or how to solve this in the long run?
(from redmine: issue id 3280, created on 2014-08-07, closed on 2017-05-17)
- Relations:
- duplicates #3377 (closed)
- blocks #3027
- Changesets:
- Revision 09a91e10 by Timo Teräs on 2015-04-09T05:54:57Z:
main/pcsc-lite: fix sysfs access under grsec kernels
by granting dac_read_search to pcscd and hardening it's acl
ref #3280