nettings/medianet

sudo libpam-ssh-agent-auth breaks kodi

Closed this issue · 2 comments

The (quite convoluted) /usr/bin/kodi script has three sudo calls.
Two of them are certainly obsolete because they use "service start" rather than systemd calls, and to a "cec" service that no longer exists.
The final one is a call to openvt (which could probably be avoided by setting appropriate permissions on a tty), but it also uses a call to "su" in its subcommand.

For now, if you want to use kodi, the workaround is to add /etc/sudoers.d/99-medianet-kodi with the following content:

medianet ALL=(ALL) NOPASSWD: ALL

WARNING: This undoes privilege separation completely.

FIXME: limit sudo to only the calls required in that script?

we now allow members of the video group to sudo /bin/fgconsole and /bin/chvt *.