Bug 321007

Summary:	app-emulation/wine only looks for cdroms via /dev/sg*
Product:	Gentoo Linux	Reporter:	Alexander E. Patrakov <patrakov>
Component:	Current packages	Assignee:	Wine Maintainers <wine>
Status:	RESOLVED UPSTREAM
Severity:	normal	CC:	galtgendo
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Alexander E. Patrakov 2010-05-22 09:32:10 UTC

ConsoleKit is supposed to be able to make my membership in the "cdrom" group redundant and unneeded. But it fails to apply ACLs to /dev/sg*, and wine uses these devices.

Reproducible: Always

Steps to Reproduce:
1. Install consolekit and wine.
2. Check that consolekit works, i.e., applies ACLs to CD-ROM devices like /dev/sr0 when you log in.
3. Remove yourself from the cdrom group, because this membership is supposed to be no longer needed with ConsoleKit. Logout and login again.
4. Install EAC (http://www.exactaudiocopy.de/) in wine, try to use it.

Actual Results:  
EAC doesn't see the CD-ROM. This happens because wine uses the obsolete /dev/sg* method (not SG_IO on /dev/cdrom) to access CD-ROM when the program uses ASPI, and ConsoleKit doesn't set ACLs on /dev/sg*.

Expected Results:  
EAC should be able to access CD-ROM as the logged-in user, even without membership in the "cdrom" group.

I will be happy with any of the two resolutions:

1) Wine and all other software that uses /dev/sg* for CD-ROM access gets patched to use SG_IO instead, the "cdrom" group gets removed from udev rules about these devices.

2) ACLs are set by udev and ConsoleKit on /dev/sg* devices that correspond to CD-ROMs.

I use the multilib overlay.

Portage 2.2_rc67-r7 (default/linux/amd64/10.0/desktop, gcc-4.4.3, glibc-2.11.1-r0, 2.6.34-gentoo x86_64)
=================================================================
System uname: Linux-2.6.34-gentoo-x86_64-Intel-R-_Core-TM-2_CPU_6420_@_2.13GHz-with-gentoo-2.0.1
Timestamp of tree: Sat, 22 May 2010 03:15:01 +0000
app-shells/bash:     4.1_p7
dev-java/java-config: 2.1.11
dev-lang/python:     2.6.5-r2, 3.1.2-r3
dev-util/cmake:      2.8.1-r1
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.13, 2.65
sys-devel/automake:  1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.3-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.33
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=core2 -fomit-frame-pointer -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /var/bind /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=core2 -fomit-frame-pointer -pipe"
DISTDIR="/home/distfiles"
FEATURES="assume-digests buildpkg distlocks fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://mirror.yandex.ru/gentoo-distfiles http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="ru_RU.UTF-8"
LDFLAGS="-Wl,--as-needed"
MAKEOPTS="-j3"
PKGDIR="/home/packages/amd64"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/home/build"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /var/lib/layman/multilib /var/lib/layman/java-overlay /var/lib/layman/lxde /usr/local/portage"
SYNC="rsync://mirror.yandex.ru/gentoo-portage"
USE="X a52 aac acl acpi alsa amd64 amr applet archive artworkextra automount bash-completion berkdb bidi bluetooth bzip2 cairo caps cdda cddb cdr cjk cli consolekit cracklib crypt css cups cxx dbus dirac djvu dri dts dvb dvd dvdr emboss encode exif faac faad fastcgi ffmpeg firefox flac fontconfig fortran fuse gcj gdbm gif gimp glibc-omitfp gnuplot gphoto2 gsm gtk iconv icq idn ieee1394 ipod ipv6 jabber jack jbig jingle jpeg jpeg2k ladspa lame lash latex lcms ldap libsamplerate mad mikmod mmx mmxext mng modules mozilla mp3 mp4 mpeg mplayer mudflap multilib musepack ncurses nls nocd nptl nptlonly nsplugin ogg opengl openmp pam pango pch pcre pdf perl png policykit ppds pppd python qt3support raw rdesktop readline reflection samba scanner schroedinger sdl session shorten smp speex spell spl sse sse2 sse3 ssl ssse3 startup-notification svg symlink sysfs tcl tcpd theora threads tiff tk truetype unicode usb v4l2 videos vim-syntax vnc vorbis wifi winbind wmf x264 xattr xcb xcomposite xinerama xml xmp xorg xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" DVB_CARDS="tda10046lifeview" ELIBC="glibc" INPUT_DEVICES="evdev synaptics keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIRC_DEVICES="devinput audio_alsa inputlirc" RUBY_TARGETS="ruby18" SANE_BACKENDS="gt68xx" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Samuli Suominen (RETIRED) gentoo-dev

2010-12-18 22:45:33 UTC

moving to wine maintainers: "This happens because wine uses the obsolete /dev/sg* method" ...

Comment 2 Samuli Suominen (RETIRED) gentoo-dev

2010-12-19 02:17:54 UTC

original reporter: please try with wine 1.3.x series from ~arch.   note that 1.1.x series is no longer in portage.

Comment 3 Alexander E. Patrakov 2010-12-19 06:07:00 UTC

The bug is still there, in both its parts.

1) Discrepancy of permissions of /dev/sr0 and (obsolete) /dev/sg1. Both have the "cdrom" group, but only /dev/sr0 has ACLs.

2) Wine still uses /dev/sg1 when an application inside it uses ASPI to send raw commands to the CD-ROM.

Comment 4 SpanKY gentoo-dev

2010-12-19 22:33:21 UTC

i dont think you mean ACLs, but rather simple ownership/permission of the devices.  i also dont think these devices nodes are "obsolete" in any way.

/dev/sg* cannot all be granted directly to the cdrom group because sg (scsi generic) device nodes are created for all scsi devices.  /dev/sr* however are scsi recorders which means a cdrom group assumption is pretty safe.  the udev guys would have to comment as to the feasibility of granting cdrom ownership to /dev/sg* devices which correspond only to scsi recording devices.

as for getting wine changed, we dont do development on wine here.  feature enhancements should go to http://bugs.winehq.org/

the latest code base looks only for devices that start with "sg" in /dev:
dlls/wnaspi32/aspi.c:SCSI_Linux_CheckDevices()
...
    devdir = opendir("/dev");
    for (dent=readdir(devdir);dent;dent=readdir(devdir))
    {
        if (!(strncmp(dent->d_name, "sg", 2)))
            break;
    }
    closedir(devdir);
...

Comment 5 Alexander E. Patrakov 2010-12-20 05:49:36 UTC

I do mean ACLs. The traditional unix-style permissions are already applied automatically to /dev/sg* nodes corresponding to cdroms. See here:

aep@home ~ $ ls -l /dev/sr* /dev/sg*
crw-rw----  1 root disk  21, 0 Дек 20 10:24 /dev/sg0
crw-rw----  1 root cdrom 21, 1 Дек 20 10:24 /dev/sg1
crw-rw----  1 root disk  21, 2 Дек 20 10:24 /dev/sg2
crw-rw----  1 root disk  21, 3 Дек 20 10:24 /dev/sg3
crw-rw----  1 root disk  21, 4 Дек 20 10:24 /dev/sg4
crw-rw----  1 root disk  21, 5 Дек 20 10:24 /dev/sg5
brw-rw----+ 1 root cdrom 11, 0 Дек 20 10:24 /dev/sr0

aep@home ~ $ getfacl /dev/sr0 /dev/sg1
getfacl: Removing leading '/' from absolute path names
# file: dev/sr0
# owner: root
# group: cdrom
user::rw-
user:aep:rw-
group::rw-
mask::rw-
other::---

# file: dev/sg1
# owner: root
# group: cdrom
user::rw-
group::rw-
other::---

The ACL part of this bug is actually about the interaction with ConsoleKit. See the plus near /dev/sr0 above? It means that there are ACLs not representable with UNIX permissions. They are dumped with getfacl below. Note that there is no such ACL near /dev/sg1, although the "cdrom" group is applied to /dev/sg1.

Consolekit is the program that automatically creates such ACLs for logged-in users. It is supposed to make the cdrom group unneeded.

Comment 6 Alexander E. Patrakov 2011-01-03 08:38:15 UTC

I fixed this bug myself, by adding this line to /lib/udev/rules.d/70-acl.rules:

SUBSYSTEM=="scsi_generic", ENV{ID_CDROM}=="1", TAG+="udev-acl"

I know that it will be overwritten on udev upgrade if you don't take it into the package :)

Comment 7 Alexander E. Patrakov 2011-01-03 08:49:15 UTC

Oops, I pasted the wrong rule. Here is the correct one:

SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="udev-acl"

Comment 8 Alexander E. Patrakov 2012-06-12 10:52:25 UTC

The ACLs on /dev/sg* are correct now, so the permissions-related part of this bug no longer exists. Wine still uses the obsolete /dev/sg* devices, though - it is an upstream bug.

Comment 9 Samuli Suominen (RETIRED) gentoo-dev

2014-02-27 11:52:26 UTC

50-udev-default.rules from udev-210:

SUBSYSTEM=="block", KERNEL=="sr[0-9]*", GROUP="cdrom"
SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", GROUP="cdrom"

70-udev-acl.rules from consolekit-0.4.6:

SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="udev-acl"

so I don't think there is anything left to be done for udev-bugs@, rather this is app-emulation/wine problem for using old interfaces like Comment #8 already said

Comment 10 Samuli Suominen (RETIRED) gentoo-dev

2014-02-27 11:54:58 UTC

(In reply to Samuli Suominen from comment #9)
> 50-udev-default.rules from udev-210:
> 
> SUBSYSTEM=="block", KERNEL=="sr[0-9]*", GROUP="cdrom"
> SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5",
> GROUP="cdrom"
> 
> 70-udev-acl.rules from consolekit-0.4.6:
> 
> SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5",
> TAG+="udev-acl"

Result of above setup:

$ ls -ld /dev/{sg*,sr*}
crw-rw----  1 root disk  21, 0 Feb 21 16:27 /dev/sg0
crw-rw----+ 1 root cdrom 21, 1 Feb 21 16:27 /dev/sg1
crw-rw----  1 root disk  21, 2 Feb 23 10:16 /dev/sg2
crw-rw----+ 1 root cdrom 21, 3 Feb 23 10:16 /dev/sg3
brw-rw----+ 1 root cdrom 11, 0 Feb 21 16:27 /dev/sr0
brw-rw----+ 1 root cdrom 11, 1 Feb 23 10:16 /dev/sr1

Looks okay to me, group is coming from udev, ACL + is coming from ConsoleKit (or alternatively, systemd's uaccess (logind))

Comment 11 Alexander E. Patrakov 2014-02-27 13:02:56 UTC

As comment 4 says,

> we dont do development on wine here