diff --git a/sonic-desktop-interface/sonic-desktop-interface.spec b/sonic-desktop-interface/sonic-desktop-interface.spec index f13152c..90bf202 100644 --- a/sonic-desktop-interface/sonic-desktop-interface.spec +++ b/sonic-desktop-interface/sonic-desktop-interface.spec @@ -11,7 +11,7 @@ Name: sonic-desktop-interface Summary: Plasma Desktop shell Version: 6.6.4 -Release: 13%{?dist} +Release: 11%{?dist} License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) #URL: https://invent.kde.org/plasma/%{name} @@ -393,13 +393,6 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/kaccess.desktop %changelog -* Thu Jul 02 2026 Anders da Silva Rytter Hansen - 6.6.4-13 -- Revert previous workaround and fix issue in Sonic-Win and Sonic-Workspace instead. - -* Thu Jul 02 2026 Anders da Silva Rytter Hansen - 6.6.4-12 -- Disable panel floating/opacity animations to avoid stutter when the panel - changes state (e.g. switching virtual desktops). - * Fri Apr 10 2026 Steve Cossette - 6.6.4-1 - 6.6.4 diff --git a/sonic-login-manager-selinux/plasmalogin-selinux.fc b/sonic-login-manager-selinux/plasmalogin-selinux.fc new file mode 100644 index 0000000..8b06360 --- /dev/null +++ b/sonic-login-manager-selinux/plasmalogin-selinux.fc @@ -0,0 +1,7 @@ +# Label the plasmalogin daemon and helper binaries as X display manager +# executables so they run in the xdm_t domain on SELinux enforcing systems. + +/usr/bin/plasmalogin -- system_u:object_r:xdm_exec_t:s0 +/usr/libexec/plasmalogin-helper -- system_u:object_r:xdm_exec_t:s0 +/usr/libexec/plasmalogin-helper-start-x11user -- system_u:object_r:xdm_exec_t:s0 +/usr/libexec/plasma-login-greeter -- system_u:object_r:xdm_exec_t:s0 
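Review bot: `Release` moves backwards in this hunk, from `13%{?dist}` to `11%{?dist}`, and the same happens in sonic-win.spec (12 to 11) and sonic-workspace.spec (15 to 13). If the higher releases were ever published, rpm treats the new builds as older, so machines that installed them will not pick these builds up and keep the workaround and the two throttle patches this commit drops. Keeping the release monotonic, e.g. `Release: 14%{?dist}` with a changelog entry recording the revert, avoids that. I cannot tell from the diff whether the removed builds reached a repository.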
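Review bot: The header comment of the new `.fc` file says these entries make the binaries run in xdm_t, but the four lines only assign the `xdm_exec_t` label; the transition itself comes from whatever rules the loaded base policy has for that type. I would reword it along the lines of `# Label the plasmalogin daemon, helpers and greeter as xdm_exec_t; the transition into xdm_t is provided by the base policy, not by this module.` It would also help to record how the result was checked on an enforcing system, for instance comparing `matchpathcon /usr/bin/plasmalogin` with `ls -Z` and confirming the running domain with `ps -eZ`. The greeter entry gives the UI process the same entrypoint label as the daemon, which is presumably intended but deserves one line saying so.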
diff --git a/sonic-login-manager-selinux/plasmalogin-selinux.te b/sonic-login-manager-selinux/plasmalogin-selinux.te index 2acbf27..871f0d5 100644 --- a/sonic-login-manager-selinux/plasmalogin-selinux.te +++ b/sonic-login-manager-selinux/plasmalogin-selinux.te @@ -1,12 +1,10 @@ module plasmalogin-selinux 1.0; require { - type unconfined_t; type xdm_exec_t; - class file { entrypoint execute }; } -# Allow the plasmalogin process to execute the X11 user helper binary -# which is labeled as xdm_exec_t. This is needed when the plasmalogin -# daemon is not running in the xdm_t domain on SELinux enforcing systems. -allow unconfined_t xdm_exec_t:file { entrypoint execute }; +# File context rules for plasmalogin binaries are defined in the +# accompanying .fc file. Labeling the daemon and helper binaries as +# xdm_exec_t lets systemd transition plasmalogin into the xdm_t domain, +# which already has the required permissions to run X11 user sessions. diff --git a/sonic-login-manager-selinux/sonic-login-manager-selinux.spec b/sonic-login-manager-selinux/sonic-login-manager-selinux.spec index c6cce72..0d21040 100644 --- a/sonic-login-manager-selinux/sonic-login-manager-selinux.spec +++ b/sonic-login-manager-selinux/sonic-login-manager-selinux.spec @@ -1,10 +1,11 @@ Name: sonic-login-manager-selinux -Version: 1.0 +Version: 1.0.1 Release: 1%{?dist} Summary: SELinux policy module for Sonic Login Manager License: MIT URL: https://github.com/Sonic-DE/sonic-login-manager Source0: plasmalogin-selinux.te +Source1: plasmalogin-selinux.fc BuildArch: noarch 
@@ -15,34 +16,42 @@ Requires(post): policycoreutils Requires(postun): policycoreutils %description -SELinux policy module that allows Sonic Login Manager to launch -X11 user sessions when running under SELinux enforcing mode. +SELinux policy module that labels the Sonic Login Manager binaries as +xdm_exec_t so systemd runs the daemon in the xdm_t domain. This lets +Sonic Login Manager launch X11 user sessions under SELinux enforcing +mode without granting broad unconfined_t permissions. %prep %setup -c -T cp %{SOURCE0} . +cp %{SOURCE1} . %build -# Compile the SELinux type enforcement file into a loadable module package +# Compile the SELinux type enforcement file and file context rules into a loadable module package checkmodule -M -m -o plasmalogin-selinux.mod plasmalogin-selinux.te -semodule_package -o plasmalogin-selinux.pp -m plasmalogin-selinux.mod +semodule_package -o plasmalogin-selinux.pp -m plasmalogin-selinux.mod -f plasmalogin-selinux.fc %install install -D -m 644 plasmalogin-selinux.pp %{buildroot}%{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp %post -# Load the SELinux policy module +# Load the SELinux policy module and apply file contexts to the plasmalogin binaries semodule -i %{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp || : +restorecon -Rv /usr/bin/plasmalogin /usr/libexec/plasmalogin-helper /usr/libexec/plasmalogin-helper-start-x11user /usr/libexec/plasma-login-greeter || : %postun if [ $1 -eq 0 ]; then - # Remove the SELinux policy module on package uninstall + # Remove the SELinux policy module and restore default file contexts on uninstall semodule -r plasmalogin-selinux || : + restorecon -Rv /usr/bin/plasmalogin /usr/libexec/plasmalogin-helper /usr/libexec/plasmalogin-helper-start-x11user /usr/libexec/plasma-login-greeter || : fi %files %{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp %changelog +* Tue Jun 30 2026 Anders da Silva Rytter Hansen - 1.0.1-1 +- Use with file context rules labeling plasmalogin 
binaries as xdm_exec_t instead + * Tue Jun 30 2026 Anders da Silva Rytter Hansen - 1.0-1 -- Initial package with SELinux allow rule for plasmalogin-helper-start-x11user +- Initial package with SELinux allow rule for plasmalogin-helper-start-x11user \ No newline at end of file diff --git a/sonic-login-manager/sonic-login-manager.spec b/sonic-login-manager/sonic-login-manager.spec index e0c9750..c66922c 100644 --- a/sonic-login-manager/sonic-login-manager.spec +++ b/sonic-login-manager/sonic-login-manager.spec @@ -2,7 +2,7 @@ Name: sonic-login-manager Version: 6.6.4 -Release: 12%{?dist} +Release: 13%{?dist} License: BSD-3-Clause and CC0-1.0 and (GPL-2.0-only or GPL-3.0-only) and GPL-2.0-or-later and LGPL-2.0-or-later and LGPL-2.1-or-later Summary: QML based login manager for SonicDE @@ -211,9 +211,8 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/kcm_plasmalogin.desk %changelog -* Tue Jun 30 2026 Anders da Silva Rytter Hansen - 6.6.4-12 -- Add SELinux policy module to allow plasmalogin to launch X11 user sessions -- Remove with_X11 condition since we will always be using X11 +* Tue Jun 30 2026 Anders da Silva Rytter Hansen - 6.6.4-13 +- Add SELinux policy dependency to label plasmalogin binaries as xdm_exec_t * Fri Apr 10 2026 Steve Cossette - 6.6.4-1 - 6.6.4 diff --git a/sonic-win/sonic-win-6.6.4-strut-throttle.patch b/sonic-win/sonic-win-6.6.4-strut-throttle.patch deleted file mode 100644 index 11df64b..0000000 --- a/sonic-win/sonic-win-6.6.4-strut-throttle.patch +++ /dev/null 
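Review bot: `semodule -i … || :` in `%post` discards a failed module load, and the `restorecon` that follows is silenced the same way, so a failure leaves the binaries with their old labels and nothing in the transaction output. On an upgrade from 1.0 that also leaves the earlier module, with its `allow unconfined_t xdm_exec_t:file { entrypoint execute };` rule, loaded. I would keep the scriptlet non-fatal but report the failure, e.g. `semodule -i %{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp || echo "plasmalogin-selinux: policy module failed to load" >&2`. The `restorecon` line also assumes the four binaries are already on disk when this package's `%post` runs, which depends on transaction ordering the hunk does not show; running it from `%posttrans` removes that assumption, and `-R` is unnecessary on plain file paths.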
@@ -1,42 +0,0 @@ -From: Anders da Silva Rytter Hansen -Date: Thu, 02 Jul 2026 12:00:00 +0000 -Subject: [PATCH] Batch strut-triggered workspace rearranges to reduce stutter - -When a panel animates between floating and docked states it can change -its strut several times in quick succession. KWin handled those by -calling Workspace::rearrange() immediately, which recalculates work areas -and calls checkWorkspacePosition() on every client. That O(n) work on -every strut update causes visible stutter on X11 when other animations -are running. - -Use the existing scheduleRearrange() path instead and bump its timer -from 0 ms to 50 ms so rapid strut changes are coalesced into a single -re-layout. This keeps the work area correct while reducing the amount -of synchronous work done during panel transitions. ---- - src/events.cpp | 2 +- - src/workspace.cpp | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - ---- a/src/events.cpp 2026-04-08 10:00:41.000000000 -0300 -+++ b/src/events.cpp 2026-07-02 12:20:39.184413094 -0300 -@@ -398,7 +398,7 @@ - } - if ((dirtyProperties & NET::WMStrut) != 0 - || (dirtyProperties2 & NET::WM2ExtendedStrut) != 0) { -- workspace()->rearrange(); -+ workspace()->scheduleRearrange(); - } - if ((dirtyProperties & NET::WMIcon) != 0) { - getIcons(); ---- a/src/workspace.cpp 2026-04-08 10:00:41.000000000 -0300 -+++ b/src/workspace.cpp 2026-07-02 12:20:49.966586529 -0300 -@@ -2178,7 +2178,7 @@ - - void Workspace::scheduleRearrange() - { -- m_rearrangeTimer.start(0); -+ m_rearrangeTimer.start(50); - } - - void Workspace::rearrange() diff --git a/sonic-win/sonic-win.spec b/sonic-win/sonic-win.spec index 49ed064..6050e59 100644 --- a/sonic-win/sonic-win.spec +++ b/sonic-win/sonic-win.spec 
@@ -4,7 +4,7 @@ Name: sonic-win Version: 6.6.4 -Release: 12%{?dist} +Release: 11%{?dist} Summary: KDE Window manager License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT @@ -18,7 +18,6 @@ URL: https://github.com/Sonic-DE/%{name} Source0: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz ## upstream patches -Patch0: sonic-win-6.6.4-strut-throttle.patch ## proposed patches @@ -298,10 +297,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/xdg/Xwayland-session.d %changelog -* Thu Jul 02 2026 Anders da Silva Rytter Hansen - 6.6.4-12 -- Batch strut-triggered workspace rearranges to reduce stutter during panel - state transitions. - * Sun Apr 12 2026 Steve Cossette - 6.6.4-2 - Added evdev as BR for controller support (#22) diff --git a/sonic-workspace/sonic-workspace-6.6.4-mask-throttle.patch b/sonic-workspace/sonic-workspace-6.6.4-mask-throttle.patch deleted file mode 100644 index f550b47..0000000 --- a/sonic-workspace/sonic-workspace-6.6.4-mask-throttle.patch +++ /dev/null 
@@ -1,114 +0,0 @@ -From: Anders da Silva Rytter Hansen -Date: Thu, 02 Jul 2026 13:00:00 +0000 -Subject: [PATCH] Reduce per-frame compositor work during panel floating animation - -PanelView::updateMask() is called once per animation frame while the -panel transitions between docked and floating. It calls -KWindowEffects::enableBlurBehind() and enableBackgroundContrast() which -update the compositor's effect region via X11/D-Bus. Doing this for -every frame causes visible stutter when other animations are running. - -Additionally, the animation's valueChanged handler was calling -positionAndResizePanel() every frame, which calls setGeometry(), -emits availableScreenRegionChanged() and calls slideWindow() every -frame even though the panel's X window geometry is constant during the -animation. - -Coalesce the blur/contrast updates with a 50 ms single-shot timer and -replace the per-frame positionAndResizePanel() call with a lightweight -updateMask() call. Finalize geometry and effects once when the -animation finishes. This keeps the QML geometry/opacity animation -smooth while drastically reducing synchronous work sent to the -compositor. 
---- - shell/panelview.cpp | 19 +++++++++++++++++++ - shell/panelview.h | 5 +++++ - 2 files changed, 24 insertions(+) - ---- a/shell/panelview.h 2026-04-08 06:33:10.000000000 -0300 -+++ b/shell/panelview.h 2026-07-02 13:09:59.011179892 -0300 -@@ -8,6 +8,7 @@ - - #include - #include -+#include - #include - #include - #include // For WId -@@ -306,6 +307,7 @@ - void adaptToScreen(); - void handleQmlStatusChange(QQmlComponent::Status status); - void updateMask(); -+ void applyPendingMaskUpdate(); - void updateEnabledBorders(); - void updatePadding(); - void updateFloating(); -@@ -363,6 +365,9 @@ - LengthMode m_lengthMode; - Plasma::Theme m_theme; - QTimer m_unhideTimer; -+ QTimer m_maskThrottleTimer; -+ bool m_pendingMaskUpdate = false; -+ bool m_forceMaskUpdate = false; - Plasma::Types::BackgroundHints m_backgroundHints; - KSvg::FrameSvg::EnabledBorders m_enabledBorders = KSvg::FrameSvg::AllBorders; - QPointer m_lastScreen; ---- a/shell/panelview.cpp 2026-04-08 06:33:10.000000000 -0300 -+++ b/shell/panelview.cpp 2026-07-02 13:39:01.337688294 -0300 -@@ -111,6 +111,10 @@ - m_strutsTimer.setSingleShot(true); - connect(&m_strutsTimer, &QTimer::timeout, this, &PanelView::updateExclusiveZone); - -+ m_maskThrottleTimer.setSingleShot(true); -+ m_maskThrottleTimer.setInterval(50ms); -+ connect(&m_maskThrottleTimer, &QTimer::timeout, this, &PanelView::applyPendingMaskUpdate); -+ - connect(m_corona, &Plasma::Corona::editModeChanged, this, &PanelView::updateEditModeLabel); - - // Register enums -@@ -1304,6 +1308,17 @@ - return; - } - -+ if (m_floatingnessAnimation.state() == QAbstractAnimation::Running && !m_forceMaskUpdate) { -+ m_pendingMaskUpdate = true; -+ if (!m_maskThrottleTimer.isActive()) { -+ m_maskThrottleTimer.start(); -+ } -+ return; -+ } -+ -+ m_forceMaskUpdate = false; -+ m_pendingMaskUpdate = false; -+ - // Popups now align to the mask, without it they appear in the wrong position - // always create it and show blur and contrast when needed - QRegion mask; -@@ 
-1364,6 +1379,14 @@ - } - } - -+void PanelView::applyPendingMaskUpdate() -+{ -+ if (m_pendingMaskUpdate) { -+ m_forceMaskUpdate = true; -+ updateMask(); -+ } -+} -+ - bool PanelView::canSetStrut() const - { - // read the wm name, need to do this every time which means a roundtrip unfortunately -@@ -1587,10 +1610,10 @@ - return; - } - m_floatingness = get(value); -- positionAndResizePanel(); -+ updateMask(); - }); - connect(&m_floatingnessAnimation, &QPropertyAnimation::finished, rootObject, [this]() { -- updateMask(); -+ positionAndResizePanel(); - }); - connect(rootObject, SIGNAL(minPanelHeightChanged()), this, SLOT(updatePadding())); - connect(rootObject, SIGNAL(minPanelWidthChanged()), this, SLOT(updatePadding())); diff --git a/sonic-workspace/sonic-workspace.spec b/sonic-workspace/sonic-workspace.spec index 8413b1b..935c9d6 100644 --- a/sonic-workspace/sonic-workspace.spec +++ b/sonic-workspace/sonic-workspace.spec @@ -7,7 +7,7 @@ Name: sonic-workspace Summary: Plasma workspace, applications and applets Version: 6.6.4 -Release: 15%{?dist} +Release: 13%{?dist} # Automatically converted from old format: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT - review is highly recommended. License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT @@ -37,7 +37,6 @@ Source40: ssh-agent.conf Source41: spice-vdagent.conf ## upstream patches -Patch0: sonic-workspace-6.6.4-mask-throttle.patch ## upstreamable Patches 
@@ -691,15 +690,6 @@ fi %changelog -* Thu Jul 02 2026 Anders da Silva Rytter Hansen - 6.6.4-15 -- Reduce per-frame compositor work during panel floating animation: - throttle blur/contrast mask updates and avoid setGeometry/slideWindow - calls on every animation frame. - -* Thu Jul 02 2026 Anders da Silva Rytter Hansen - 6.6.4-14 -- Handle zero-duration floating panel animation so the panel can switch states - instantly without stutter. - * Fri Apr 10 2026 Steve Cossette - 6.6.4-1 - 6.6.4