Bug#704154: vdr - Fails if started without any of CAP_SYS_TIME, CAP_SYS_NICE or CAP_NET_RAW

Tobias Grimm tobias.grimm at e-tobi.net
Sat Mar 30 22:19:13 UTC 2013

On 30.03.2013 11:32, Bastian Blank wrote:

> Most systems should have some sort of ntp daemon installed, so updating
> with a less accurate source is bad anyway. But okay.

This option is especially for people running the VDR without a network 
connection. This isn't that common nowadays, but not unusual either.

>> CAP_SYS_NICE is required to set the thread priority. I think VDR is
>> correct here to exit with an error level if CAP_SYS_NICE is not
>> available.
> CAP_SYS_NICE is necessary to _higher_ the priority (aka lower the
> niceness). I was not able to find any rlimit calls at all in the vdr
> source.

The setpriority() calls used in VDR's cThread class require the 
CAP_SYS_NICE - at least if lowering the niceness, which some plugins do to 
get higher priority threads.

>> I'm not sure why CAP_NET_RAW is required. The only networking stuff
>> happening is at the SVDRP interface.
> CAP_NET_RAW is necessary to set up AF_RAW or AF_PACKET socket and set
> some options that can be used to do nasty stuff. I see nothing in vdr
> itself or the streamdev plugin.

Streamdev requires this for IGMP multicasts.

I've talked to Klaus (the upstream author) about this and in general he
would accept a patch for this in 2.x (VDR 2.0.0 is going to be released on
March 31).

I'm not yet sure what this patch could look like. Ignoring CAP_SYS_TIME if
it can not be set shouldn't be much of a problem. The other capabilities 
might cause trouble with some plugins.

But I'm not convinced yet that this is a "serious" bug and I would prefer
to lower the severity if nobody has any objections.
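
The following is an added example, not VDR's code and not the patch discussed in this message. It sketches one way a daemon could probe its capability bounding set at startup and continue without CAP_SYS_TIME while still failing on the other two. The policy table, the function names and the choice to treat CAP_SYS_NICE and CAP_NET_RAW as mandatory are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <linux/capability.h>

#define CAP_BIT(c) (UINT64_C(1) << (c))

/* Hypothetical policy table (an assumption, not VDR's code): only
 * CAP_SYS_TIME is optional, the other two stay mandatory. */
struct cap_want { int cap; const char *name; int optional; };
static const struct cap_want WANTED[] = {
    { CAP_SYS_TIME, "CAP_SYS_TIME", 1 },
    { CAP_SYS_NICE, "CAP_SYS_NICE", 0 },
    { CAP_NET_RAW,  "CAP_NET_RAW",  0 },
};
#define N_WANTED (sizeof WANTED / sizeof WANTED[0])

/* Bitmask of the wanted capabilities still present in the bounding set. */
uint64_t probe_bounding_set(void)
{
    uint64_t mask = 0;
    for (size_t i = 0; i < N_WANTED; i++)
        if (prctl(PR_CAPBSET_READ, WANTED[i].cap, 0, 0, 0) == 1)
            mask |= CAP_BIT(WANTED[i].cap);
    return mask;
}

/* Returns the mask of capabilities to keep, or -1 if a mandatory
 * capability is unavailable. Missing optional ones only warn. */
int64_t select_caps(uint64_t available)
{
    uint64_t keep = 0;
    for (size_t i = 0; i < N_WANTED; i++) {
        if (available & CAP_BIT(WANTED[i].cap)) {
            keep |= CAP_BIT(WANTED[i].cap);
        } else if (WANTED[i].optional) {
            fprintf(stderr, "warning: %s unavailable, continuing\n", WANTED[i].name);
        } else {
            fprintf(stderr, "error: %s unavailable\n", WANTED[i].name);
            return -1;
        }
    }
    return (int64_t)keep;
}

int main(void)
{
    int64_t keep = select_caps(probe_bounding_set());
    printf("keep=%lld\n", (long long)keep);
    return keep < 0;
}
```

The resulting mask is what would be handed to the code that sets the permitted and effective sets before dropping root.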


