Compare commits

..

2 commits

Author SHA1 Message Date
d9c434f619 Remove with X11 condition since we will always be using X11
Some checks failed
Build RPMs / build (sonic-interface-libraries.spec) (push) Failing after 5s
Build RPMs / build (sonic-win.spec) (push) Failing after 7s
Build RPMs / build (sonic-workspace.spec) (push) Failing after 6s
2026-06-30 16:46:23 -03:00
91c1f3ffff Add Sonic Login Manager SELinux rule to allow it to start SonicDE X11
Some checks failed
Build RPMs / build (sonic-interface-libraries.spec) (push) Failing after 14s
Build RPMs / build (sonic-win.spec) (push) Failing after 6s
Build RPMs / build (sonic-workspace.spec) (push) Failing after 7s
2026-06-30 16:29:14 -03:00
3 changed files with 63 additions and 3 deletions

View file

@ -0,0 +1,12 @@
module plasmalogin-selinux 1.0;
require {
type unconfined_t;
type xdm_exec_t;
class file { entrypoint execute };
}
# Allow the plasmalogin process to execute the X11 user helper binary
# which is labeled as xdm_exec_t. This is needed when the plasmalogin
# daemon is not running in the xdm_t domain on SELinux enforcing systems.
allow unconfined_t xdm_exec_t:file { entrypoint execute };

View file

@ -0,0 +1,48 @@
Name: sonic-login-manager-selinux
Version: 1.0
Release: 1%{?dist}
Summary: SELinux policy module for Sonic Login Manager
License: MIT
URL: https://github.com/Sonic-DE/sonic-login-manager
Source0: plasmalogin-selinux.te
BuildArch: noarch
BuildRequires: selinux-policy-devel
BuildRequires: checkpolicy
Requires: selinux-policy-targeted
Requires(post): policycoreutils
Requires(postun): policycoreutils
%description
SELinux policy module that allows Sonic Login Manager to launch
X11 user sessions when running under SELinux enforcing mode.
%prep
%setup -c -T
cp %{SOURCE0} .
%build
# Compile the SELinux type enforcement file into a loadable module package
checkmodule -M -m -o plasmalogin-selinux.mod plasmalogin-selinux.te
semodule_package -o plasmalogin-selinux.pp -m plasmalogin-selinux.mod
%install
install -D -m 644 plasmalogin-selinux.pp %{buildroot}%{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp
%post
# Load the SELinux policy module
semodule -i %{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp || :
%postun
if [ $1 -eq 0 ]; then
# Remove the SELinux policy module on package uninstall
semodule -r plasmalogin-selinux || :
fi
%files
%{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp
%changelog
* Tue Jun 30 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 1.0-1
- Initial package with SELinux allow rule for plasmalogin-helper-start-x11user

View file

@ -2,7 +2,7 @@
Name: sonic-login-manager
Version: 6.6.4
Release: 10%{?dist}
Release: 12%{?dist}
License: BSD-3-Clause and CC0-1.0 and (GPL-2.0-only or GPL-3.0-only) and GPL-2.0-or-later and LGPL-2.0-or-later and LGPL-2.1-or-later
Summary: QML based login manager for SonicDE
@ -73,9 +73,9 @@ BuildRequires: kf6-rpm-macros
# for jxl support
Requires: kf6-kimageformats%{?_isa}
%if %{with x11}
Requires: xorg-x11-xinit
%endif
Requires: sonic-login-manager-selinux
%{?systemd_requires}
Requires: kf6-filesystem