summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorDarren Hart <dvhart@linux.intel.com>2013-04-03 12:49:41 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-04-04 14:04:42 +0100
commit12c9f9a83572423185455dbfee5d2083cbf826df (patch)
treeb6557bcf28c01a6e092add2ca9ec8bc3364f9cf2 /meta
parent530b3b3cd4b81b87705b92c12cb29712cc71be57 (diff)
downloadpoky-12c9f9a83572423185455dbfee5d2083cbf826df.tar.gz
xserver-nodm-init: Add xuser to input group
Fixes [YOCTO 4164](3/3) Input devices come and go, so a single chmod in this init script is not adequate to ensure rootless X servers can use input devices. The o+rw method also introduces a security hole. The newly added input group and input udev rule address this in a secure way. Ensure the xuser is added to the input group. (From OE-Core rev: 150b7ac8e1c0f029b90f63424867ee5347821cf7) Signed-off-by: Darren Hart <dvhart@linux.intel.com> Cc: Saul Wold <sgw@linux.intel.com> Cc: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-graphics/x11-common/xserver-nodm-init.bb4
-rwxr-xr-xmeta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm1
2 files changed, 2 insertions, 3 deletions
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
index eab76c597b..d2797a99d1 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
@@ -2,7 +2,7 @@ DESCRIPTION = "Simple Xserver Init Script (no dm)"
2LICENSE = "GPLv2" 2LICENSE = "GPLv2"
3LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" 3LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
4SECTION = "x11" 4SECTION = "x11"
5PR = "r30" 5PR = "r31"
6RDEPENDS_${PN} = "sudo" 6RDEPENDS_${PN} = "sudo"
7 7
8SRC_URI = "file://xserver-nodm \ 8SRC_URI = "file://xserver-nodm \
@@ -34,6 +34,6 @@ INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ."
34# USERADD_PARAM is in sync with the one in connman.inc 34# USERADD_PARAM is in sync with the one in connman.inc
35USERADD_PACKAGES = "${PN}" 35USERADD_PACKAGES = "${PN}"
36USERADD_PARAM_${PN} = "--create-home \ 36USERADD_PARAM_${PN} = "--create-home \
37 --groups video,tty,audio \ 37 --groups video,tty,audio,input \
38 --user-group xuser" 38 --user-group xuser"
39 39
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
index e790fb0921..f6692a814b 100755
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@@ -33,7 +33,6 @@ case "$1" in
33 # setting for rootless X 33 # setting for rootless X
34 chmod o+w /var/log 34 chmod o+w /var/log
35 chmod g+r /dev/tty[0-3] 35 chmod g+r /dev/tty[0-3]
36 chmod o+rw /dev/input/*
37 # hidraw device is probably needed 36 # hidraw device is probably needed
38 if [ -e /dev/hidraw0 ]; then 37 if [ -e /dev/hidraw0 ]; then
39 chmod o+rw /dev/hidraw* 38 chmod o+rw /dev/hidraw*