Compare commits
2 commits
e11051fbfb
...
d9c434f619
| Author | SHA1 | Date | |
|---|---|---|---|
| d9c434f619 | |||
| 91c1f3ffff |
3 changed files with 63 additions and 3 deletions
12
sonic-login-manager-selinux/plasmalogin-selinux.te
Normal file
12
sonic-login-manager-selinux/plasmalogin-selinux.te
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
module plasmalogin-selinux 1.0;
|
||||
|
||||
require {
|
||||
type unconfined_t;
|
||||
type xdm_exec_t;
|
||||
class file { entrypoint execute };
|
||||
}
|
||||
|
||||
# Allow the plasmalogin process to execute the X11 user helper binary
|
||||
# which is labeled as xdm_exec_t. This is needed when the plasmalogin
|
||||
# daemon is not running in the xdm_t domain on SELinux enforcing systems.
|
||||
allow unconfined_t xdm_exec_t:file { entrypoint execute };
|
||||
48
sonic-login-manager-selinux/sonic-login-manager-selinux.spec
Normal file
48
sonic-login-manager-selinux/sonic-login-manager-selinux.spec
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
Name: sonic-login-manager-selinux
|
||||
Version: 1.0
|
||||
Release: 1%{?dist}
|
||||
Summary: SELinux policy module for Sonic Login Manager
|
||||
License: MIT
|
||||
URL: https://github.com/Sonic-DE/sonic-login-manager
|
||||
Source0: plasmalogin-selinux.te
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: selinux-policy-devel
|
||||
BuildRequires: checkpolicy
|
||||
Requires: selinux-policy-targeted
|
||||
Requires(post): policycoreutils
|
||||
Requires(postun): policycoreutils
|
||||
|
||||
%description
|
||||
SELinux policy module that allows Sonic Login Manager to launch
|
||||
X11 user sessions when running under SELinux enforcing mode.
|
||||
|
||||
%prep
|
||||
%setup -c -T
|
||||
cp %{SOURCE0} .
|
||||
|
||||
%build
|
||||
# Compile the SELinux type enforcement file into a loadable module package
|
||||
checkmodule -M -m -o plasmalogin-selinux.mod plasmalogin-selinux.te
|
||||
semodule_package -o plasmalogin-selinux.pp -m plasmalogin-selinux.mod
|
||||
|
||||
%install
|
||||
install -D -m 644 plasmalogin-selinux.pp %{buildroot}%{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp
|
||||
|
||||
%post
|
||||
# Load the SELinux policy module
|
||||
semodule -i %{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp || :
|
||||
|
||||
%postun
|
||||
if [ $1 -eq 0 ]; then
|
||||
# Remove the SELinux policy module on package uninstall
|
||||
semodule -r plasmalogin-selinux || :
|
||||
fi
|
||||
|
||||
%files
|
||||
%{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp
|
||||
|
||||
%changelog
|
||||
* Tue Jun 30 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 1.0-1
|
||||
- Initial package with SELinux allow rule for plasmalogin-helper-start-x11user
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
Name: sonic-login-manager
|
||||
Version: 6.6.4
|
||||
Release: 10%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: BSD-3-Clause and CC0-1.0 and (GPL-2.0-only or GPL-3.0-only) and GPL-2.0-or-later and LGPL-2.0-or-later and LGPL-2.1-or-later
|
||||
Summary: QML based login manager for SonicDE
|
||||
|
||||
|
|
@ -73,9 +73,9 @@ BuildRequires: kf6-rpm-macros
|
|||
# for jxl support
|
||||
Requires: kf6-kimageformats%{?_isa}
|
||||
|
||||
%if %{with x11}
|
||||
Requires: xorg-x11-xinit
|
||||
%endif
|
||||
Requires: sonic-login-manager-selinux
|
||||
|
||||
%{?systemd_requires}
|
||||
|
||||
Requires: kf6-filesystem
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue