Hello,
I'm currently experimenting with OpenPGP smartcards. For those, I need sys-apps/pcsc-lite, which features a daemon (pcscd). This daemon has its own user and doesn't run with root permissions. However, it needs to access some files in /sys which are only accessible by root due to GRKERNSEC_SYSFS_RESTRICT. I went with the following solution: chown root:pcscd /usr/sbin/pcscd chmod 0710 /usr/sbin/pcscd filecap /usr/sbin/pcscd dac_read_search Should I just propose the maintainer to add this to the ebuild (conditional on a "hardened" USE flag), or would another course of action be preferred? Regards, Luis Ressel -- Luis Ressel <ara...@aixah.de> GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
signature.asc
Description: PGP signature
