vanilla-wiiu / vanilla

GNU General Public License v2.0

Fails to stream with AppArmor enabled (Ubuntu 24.04) #109

Open leag opened 6 days ago

leag commented 6 days ago

With AppArmor enabled it fails on Ubuntu with the following error:

SUBPROCESS execve (/home/luisatala/projects/vanilla/build/bin/../sbin/dhcp.sh, ...): Permission denied

leag commented 5 days ago

To use it with AppArmor enabled I had to add a line to /etc/apparmor.d/sbin.dhclient with the path of the dhcp.sh script. For testing I added: /home/luisatala/projects/vanilla/build/sbin/dhcp.sh Uxr,

applemayexist commented 3 days ago

I don't think there is anything Vanilla can do about this, as long as it uses this custom script. The AppArmor profile is working as intended; it is blocking dhclient from executing unknown and potentially dangerous programs. Not that this isn't an issue, but I just don't think the custom script method is viable.
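An added example, not part of the thread or of Vanilla's code: a small parser that confirms from the kernel audit log which exec AppArmor denied to dhclient, before any profile is edited. The log lines, paths and profile name are constructed, and the field layout assumes the usual `apparmor="DENIED"` audit format, in which a path containing spaces is written as unquoted hex.

```python
import re

# Constructed sample kernel audit lines (not from the issue); paths are placeholders.
SAMPLE_LOG = """\
audit: type=1400 audit(1718000000.101:210): apparmor="DENIED" operation="exec" class="file" profile="/{,usr/}sbin/dhclient" name="/opt/example/build/sbin/dhcp.sh" pid=4242 comm="dhclient" requested_mask="x" denied_mask="x" fsuid=0 ouid=1000
audit: type=1400 audit(1718000000.300:211): apparmor="ALLOWED" operation="open" class="file" profile="/usr/bin/example" name="/etc/hosts" pid=4300 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1718000001.007:212): apparmor="DENIED" operation="exec" class="file" profile="/{,usr/}sbin/dhclient" name=2F6F70742F6D79206275696C642F646863702E7368 pid=4250 comm="dhclient" requested_mask="x" denied_mask="x" fsuid=0 ouid=1000
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')


def decode_name(quoted, bare):
    """Return the path from a name= field; unquoted values are hex-encoded."""
    if bare and HEX.fullmatch(bare):
        return bytes.fromhex(bare).decode("utf-8", "replace")
    return quoted or bare


def denied_execs(log_text, comm="dhclient"):
    """Return (profile, path) for every exec AppArmor denied to `comm`."""
    hits = []
    for line in log_text.splitlines():
        fields = {k: (q, b) for k, q, b in FIELD.findall(line)}

        def val(key):
            quoted, bare = fields.get(key, ("", ""))
            return quoted or bare

        if val("apparmor") != "DENIED" or val("comm") != comm:
            continue
        if "x" not in val("denied_mask"):  # only execute denials
            continue
        hits.append((val("profile"), decode_name(*fields.get("name", ("", "")))))
    return hits


if __name__ == "__main__":
    for profile, path in denied_execs(SAMPLE_LOG):
        print(f"profile {profile} denied exec of {path}")
```
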

itsmattkc commented 21 hours ago

Perhaps not, though I don't think exec-ing ip was a great solution either (I would argue the custom script should be the best solution since it fits into how dhclient works normally, but not if users' setups block our scripts).

The best alternative would probably be to use netlink/libnl directly to create the routes, which is something I started implementing before the custom script approach, but stalled because I needed a solution by a certain date (for a live stream).

applemayexist commented 17 hours ago

> Perhaps not, though I don't think exec-ing ip was a great solution either (I would argue the custom script should be the best solution since it fits into how dhclient works normally, but not if users' setups block our scripts).

Yeah, I agree that the script is generally better than executing ip separately from dhclient as was done previously, but clearly in this particular case it isn't. We could fix that by installing AppArmor rules, but I assume you want to preserve functionality for non-installed builds, so that doesn't seem like an option.

> The best alternative would probably be to use netlink/libnl directly to create the routes, which is something I started implementing before the custom script approach, but stalled because I needed a solution by a certain date (for a live stream).

👍