sudo libpam-ssh-agent-auth breaks kodi
Closed this issue · 2 comments
nettings commented
The (quite convoluted) /usr/bin/kodi script has three sudo calls.
Two of them are certainly obsolete because they use "service start" rather than systemd calls, and to a "cec" service that no longer exists.
The final one is a call to openvt (which could probably be avoided by setting appropriate permissions on a tty), but it also uses a call to "su" in its subcommand.
For now, if you want to use kodi, the workaround is to add /etc/sudoers.d/99-medianet-kodi
with the following content:
medianet ALL=(ALL) NOPASSWD: ALL
WARNING: This undoes privilege separation completely.
nettings commented
FIXME: limit sudo to only the calls required in that script?
nettings commented
we now allow members of the video group to sudo /bin/fgconsole
and /bin/chvt *
.