[oe-commits] [openembedded-core] 04/22: xserver-nodm-init: Fix the start failure for non-root user
git at git.openembedded.org
git at git.openembedded.org
Sat Mar 7 10:57:19 UTC 2020
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch zeus
in repository openembedded-core.
commit fec05cd1eaaad41fd72a29d7792f1c37d2a82f3e
Author: Kevin Hao <kexin.hao at windriver.com>
AuthorDate: Sat Feb 8 20:36:42 2020 +0800
xserver-nodm-init: Fix the start failure for non-root user
In order to start the xserver, a non-root user should have the
cap_sys_admin capability to set the drm master. We try to get
the cap_sys_admin capability by setting it in both the thread
and file inheritable set. The side effect of this is that we
would have to add the "pam" to the distro features if we want
use the xserver-nodm-init for a non-root user.
[Yocto #11526]
Signed-off-by: Kevin Hao <kexin.hao at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
(cherry picked from commit cfd71a68a4931c8bda15357ebb1e9ebcf0e302dc)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
.../recipes-graphics/x11-common/xserver-nodm-init/capability.conf | 2 ++
meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm | 8 ++++++++
meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb | 7 +++++--
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf
new file mode 100644
index 0000000..7ab7460
--- /dev/null
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/capability.conf
@@ -0,0 +1,2 @@
+cap_sys_admin @USER@
+none *
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
index 6c54855..116bb27 100755
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@@ -38,6 +38,14 @@ case "$1" in
if [ -e /dev/hidraw0 ]; then
chmod o+rw /dev/hidraw*
fi
+ # Make sure that the Xorg has the cap_sys_admin capability which is
+ # needed for setting the drm master
+ if ! grep -q "^auth.*pam_cap\.so" /etc/pam.d/su; then
+ echo "auth optional pam_cap.so" >>/etc/pam.d/su
+ fi
+ if ! /usr/sbin/getcap $XSERVER | grep -q cap_sys_admin; then
+ /usr/sbin/setcap cap_sys_admin+eip $XSERVER
+ fi
fi
# Using su rather than sudo as latest 1.8.1 cause failure [YOCTO #1211]
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
index a77c564..7f4e1e2 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init_3.0.bb
@@ -10,6 +10,7 @@ SRC_URI = "file://xserver-nodm \
file://gplv2-license.patch \
file://xserver-nodm.service.in \
file://xserver-nodm.conf.in \
+ file://capability.conf \
"
S = "${WORKDIR}"
@@ -19,7 +20,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
inherit update-rc.d systemd distro_features_check
-REQUIRED_DISTRO_FEATURES = "x11"
+REQUIRED_DISTRO_FEATURES = "x11 ${@oe.utils.conditional('ROOTLESS_X', '1', 'pam', '', d)}"
PACKAGECONFIG ??= "blank"
# dpms and screen saver will be on only if 'blank' is in PACKAGECONFIG
@@ -40,6 +41,8 @@ do_install() {
if [ "${ROOTLESS_X}" = "1" ] ; then
XUSER_HOME="/home/xuser"
XUSER="xuser"
+ install -D capability.conf ${D}${sysconfdir}/security/capability.conf
+ sed -i "s:@USER@:${XUSER}:" ${D}${sysconfdir}/security/capability.conf
else
XUSER_HOME=${ROOT_HOME}
XUSER="root"
@@ -60,7 +63,7 @@ do_install() {
fi
}
-RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account', '', d)}"
+RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account libcap libcap-bin', '', d)}"
INITSCRIPT_NAME = "xserver-nodm"
INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ."
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list