diff options
| author | Darren Hart <dvhart@linux.intel.com> | 2013-04-03 12:49:41 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-04-04 14:04:42 +0100 |
| commit | 12c9f9a83572423185455dbfee5d2083cbf826df (patch) | |
| tree | b6557bcf28c01a6e092add2ca9ec8bc3364f9cf2 /meta/recipes-graphics | |
| parent | 530b3b3cd4b81b87705b92c12cb29712cc71be57 (diff) | |
| download | poky-12c9f9a83572423185455dbfee5d2083cbf826df.tar.gz | |
xserver-nodm-init: Add xuser to input group
Fixes [YOCTO 4164](3/3)
Input devices come and go, so a single chmod in this init script is not
adequate to ensure rootless X servers can use input devices.
The o+rw method also introduces a security hole.
The newly added input group and input udev rule address this in a secure
way. Ensure the xuser is added to the input group.
(From OE-Core rev: 150b7ac8e1c0f029b90f63424867ee5347821cf7)
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Saul Wold <sgw@linux.intel.com>
Cc: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics')
| -rw-r--r-- | meta/recipes-graphics/x11-common/xserver-nodm-init.bb | 4 | ||||
| -rwxr-xr-x | meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm | 1 |
2 files changed, 2 insertions, 3 deletions
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb index eab76c597b..d2797a99d1 100644 --- a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb +++ b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb | |||
| @@ -2,7 +2,7 @@ DESCRIPTION = "Simple Xserver Init Script (no dm)" | |||
| 2 | LICENSE = "GPLv2" | 2 | LICENSE = "GPLv2" |
| 3 | LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" | 3 | LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" |
| 4 | SECTION = "x11" | 4 | SECTION = "x11" |
| 5 | PR = "r30" | 5 | PR = "r31" |
| 6 | RDEPENDS_${PN} = "sudo" | 6 | RDEPENDS_${PN} = "sudo" |
| 7 | 7 | ||
| 8 | SRC_URI = "file://xserver-nodm \ | 8 | SRC_URI = "file://xserver-nodm \ |
| @@ -34,6 +34,6 @@ INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ." | |||
| 34 | # USERADD_PARAM is in sync with the one in connman.inc | 34 | # USERADD_PARAM is in sync with the one in connman.inc |
| 35 | USERADD_PACKAGES = "${PN}" | 35 | USERADD_PACKAGES = "${PN}" |
| 36 | USERADD_PARAM_${PN} = "--create-home \ | 36 | USERADD_PARAM_${PN} = "--create-home \ |
| 37 | --groups video,tty,audio \ | 37 | --groups video,tty,audio,input \ |
| 38 | --user-group xuser" | 38 | --user-group xuser" |
| 39 | 39 | ||
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm index e790fb0921..f6692a814b 100755 --- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm +++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm | |||
| @@ -33,7 +33,6 @@ case "$1" in | |||
| 33 | # setting for rootless X | 33 | # setting for rootless X |
| 34 | chmod o+w /var/log | 34 | chmod o+w /var/log |
| 35 | chmod g+r /dev/tty[0-3] | 35 | chmod g+r /dev/tty[0-3] |
| 36 | chmod o+rw /dev/input/* | ||
| 37 | # hidraw device is probably needed | 36 | # hidraw device is probably needed |
| 38 | if [ -e /dev/hidraw0 ]; then | 37 | if [ -e /dev/hidraw0 ]; then |
| 39 | chmod o+rw /dev/hidraw* | 38 | chmod o+rw /dev/hidraw* |