[oe-commits] Darren Hart : xserver-nodm-init: Add xuser to input group

git at git.openembedded.org git at git.openembedded.org
Thu Apr 4 13:11:26 UTC 2013


Module: openembedded-core.git
Branch: master-next
Commit: 150b7ac8e1c0f029b90f63424867ee5347821cf7
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=150b7ac8e1c0f029b90f63424867ee5347821cf7

Author: Darren Hart <dvhart at linux.intel.com>
Date:   Wed Apr  3 12:49:41 2013 -0700

xserver-nodm-init: Add xuser to input group

Fixes [YOCTO 4164](3/3)

Input devices come and go, so a single chmod in this init script is not
adequate to ensure rootless X servers can use input devices.

The o+rw method also introduces a security hole.

The newly added input group and input udev rule address this in a secure
way. Ensure the xuser is added to the input group.

Signed-off-by: Darren Hart <dvhart at linux.intel.com>
Cc: Saul Wold <sgw at linux.intel.com>
Cc: Laurentiu Palcu <laurentiu.palcu at intel.com>
Signed-off-by: Saul Wold <sgw at linux.intel.com>

---

 .../x11-common/xserver-nodm-init.bb                |    4 ++--
 .../x11-common/xserver-nodm-init/xserver-nodm      |    1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
index eab76c5..d2797a9 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
@@ -2,7 +2,7 @@ DESCRIPTION = "Simple Xserver Init Script (no dm)"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SECTION = "x11"
-PR = "r30"
+PR = "r31"
 RDEPENDS_${PN} = "sudo"
 
 SRC_URI = "file://xserver-nodm \
@@ -34,6 +34,6 @@ INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ."
 # USERADD_PARAM is in sync with the one in connman.inc
 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "--create-home \
-                       --groups video,tty,audio \
+                       --groups video,tty,audio,input \
                        --user-group xuser"
 
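Review bot: The comment at the top of this hunk says USERADD_PARAM is in sync with the one in connman.inc, but the diffstat lists only xserver-nodm-init.bb and the xserver-nodm script, so after `--groups video,tty,audio,input` the two definitions may no longer match. Either make the same change in connman.inc as part of this series or update the comment so it does not claim a sync that no longer holds. It is also worth noting in the recipe that the input group is created by another patch in the series, since useradd rejects `--groups` entries naming a group that does not exist at the time the user is created.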
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
index e790fb0..f6692a8 100755
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@@ -33,7 +33,6 @@ case "$1" in
            # setting for rootless X
            chmod o+w /var/log
            chmod g+r /dev/tty[0-3]
-           chmod o+rw /dev/input/*
            # hidraw device is probably needed
            if [ -e /dev/hidraw0 ]; then
                chmod o+rw /dev/hidraw*
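Review bot: The unchanged lines right after the removed chmod still run `chmod o+rw /dev/hidraw*`, which has both problems the commit message gives for /dev/input: it is applied once when the init script runs, so hidraw nodes that appear later are missed, and it opens the devices to every local user. Consider covering hidraw with the same group plus udev rule approach and dropping this chmod as well. The `chmod o+w /var/log` line in the same block makes the log directory world-writable and deserves the same look in a follow-up.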




