Compare commits

..

1 commit

Author SHA1 Message Date
4e91804f0a Use with file context rules labeling plasmalogin binaries as xdm_exec_t instead
Some checks failed
Build RPMs / build (sonic-interface-libraries.spec) (push) Failing after 9s
Build RPMs / build (sonic-win.spec) (push) Failing after 9s
Build RPMs / build (sonic-workspace.spec) (push) Failing after 6s
2026-06-30 17:16:16 -03:00
9 changed files with 34 additions and 199 deletions

View file

@ -11,7 +11,7 @@
Name: sonic-desktop-interface Name: sonic-desktop-interface
Summary: Plasma Desktop shell Summary: Plasma Desktop shell
Version: 6.6.4 Version: 6.6.4
Release: 13%{?dist} Release: 11%{?dist}
License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only)
#URL: https://invent.kde.org/plasma/%{name} #URL: https://invent.kde.org/plasma/%{name}
@ -393,13 +393,6 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/kaccess.desktop
%changelog %changelog
* Thu Jul 02 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 6.6.4-13
- Revert previous workaround and fix issue in Sonic-Win and Sonic-Workspace instead.
* Thu Jul 02 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 6.6.4-12
- Disable panel floating/opacity animations to avoid stutter when the panel
changes state (e.g. switching virtual desktops).
* Fri Apr 10 2026 Steve Cossette <farchord@gmail.com> - 6.6.4-1 * Fri Apr 10 2026 Steve Cossette <farchord@gmail.com> - 6.6.4-1
- 6.6.4 - 6.6.4

View file

@ -0,0 +1,7 @@
# Label the plasmalogin daemon and helper binaries as X display manager
# executables so they run in the xdm_t domain on SELinux enforcing systems.
/usr/bin/plasmalogin -- system_u:object_r:xdm_exec_t:s0
/usr/libexec/plasmalogin-helper -- system_u:object_r:xdm_exec_t:s0
/usr/libexec/plasmalogin-helper-start-x11user -- system_u:object_r:xdm_exec_t:s0
/usr/libexec/plasma-login-greeter -- system_u:object_r:xdm_exec_t:s0

View file

@ -1,12 +1,10 @@
module plasmalogin-selinux 1.0; module plasmalogin-selinux 1.0;
require { require {
type unconfined_t;
type xdm_exec_t; type xdm_exec_t;
class file { entrypoint execute };
} }
# Allow the plasmalogin process to execute the X11 user helper binary # File context rules for plasmalogin binaries are defined in the
# which is labeled as xdm_exec_t. This is needed when the plasmalogin # accompanying .fc file. Labeling the daemon and helper binaries as
# daemon is not running in the xdm_t domain on SELinux enforcing systems. # xdm_exec_t lets systemd transition plasmalogin into the xdm_t domain,
allow unconfined_t xdm_exec_t:file { entrypoint execute }; # which already has the required permissions to run X11 user sessions.

View file

@ -1,10 +1,11 @@
Name: sonic-login-manager-selinux Name: sonic-login-manager-selinux
Version: 1.0 Version: 1.0.1
Release: 1%{?dist} Release: 1%{?dist}
Summary: SELinux policy module for Sonic Login Manager Summary: SELinux policy module for Sonic Login Manager
License: MIT License: MIT
URL: https://github.com/Sonic-DE/sonic-login-manager URL: https://github.com/Sonic-DE/sonic-login-manager
Source0: plasmalogin-selinux.te Source0: plasmalogin-selinux.te
Source1: plasmalogin-selinux.fc
BuildArch: noarch BuildArch: noarch
@ -15,34 +16,42 @@ Requires(post): policycoreutils
Requires(postun): policycoreutils Requires(postun): policycoreutils
%description %description
SELinux policy module that allows Sonic Login Manager to launch SELinux policy module that labels the Sonic Login Manager binaries as
X11 user sessions when running under SELinux enforcing mode. xdm_exec_t so systemd runs the daemon in the xdm_t domain. This lets
Sonic Login Manager launch X11 user sessions under SELinux enforcing
mode without granting broad unconfined_t permissions.
%prep %prep
%setup -c -T %setup -c -T
cp %{SOURCE0} . cp %{SOURCE0} .
cp %{SOURCE1} .
%build %build
# Compile the SELinux type enforcement file into a loadable module package # Compile the SELinux type enforcement file and file context rules into a loadable module package
checkmodule -M -m -o plasmalogin-selinux.mod plasmalogin-selinux.te checkmodule -M -m -o plasmalogin-selinux.mod plasmalogin-selinux.te
semodule_package -o plasmalogin-selinux.pp -m plasmalogin-selinux.mod semodule_package -o plasmalogin-selinux.pp -m plasmalogin-selinux.mod -f plasmalogin-selinux.fc
%install %install
install -D -m 644 plasmalogin-selinux.pp %{buildroot}%{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp install -D -m 644 plasmalogin-selinux.pp %{buildroot}%{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp
%post %post
# Load the SELinux policy module # Load the SELinux policy module and apply file contexts to the plasmalogin binaries
semodule -i %{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp || : semodule -i %{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp || :
restorecon -Rv /usr/bin/plasmalogin /usr/libexec/plasmalogin-helper /usr/libexec/plasmalogin-helper-start-x11user /usr/libexec/plasma-login-greeter || :
%postun %postun
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
# Remove the SELinux policy module on package uninstall # Remove the SELinux policy module and restore default file contexts on uninstall
semodule -r plasmalogin-selinux || : semodule -r plasmalogin-selinux || :
restorecon -Rv /usr/bin/plasmalogin /usr/libexec/plasmalogin-helper /usr/libexec/plasmalogin-helper-start-x11user /usr/libexec/plasma-login-greeter || :
fi fi
%files %files
%{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp %{_datadir}/selinux/packages/targeted/plasmalogin-selinux.pp
%changelog %changelog
* Tue Jun 30 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 1.0.1-1
- Use with file context rules labeling plasmalogin binaries as xdm_exec_t instead
* Tue Jun 30 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 1.0-1 * Tue Jun 30 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 1.0-1
- Initial package with SELinux allow rule for plasmalogin-helper-start-x11user - Initial package with SELinux allow rule for plasmalogin-helper-start-x11user

View file

@ -2,7 +2,7 @@
Name: sonic-login-manager Name: sonic-login-manager
Version: 6.6.4 Version: 6.6.4
Release: 12%{?dist} Release: 13%{?dist}
License: BSD-3-Clause and CC0-1.0 and (GPL-2.0-only or GPL-3.0-only) and GPL-2.0-or-later and LGPL-2.0-or-later and LGPL-2.1-or-later License: BSD-3-Clause and CC0-1.0 and (GPL-2.0-only or GPL-3.0-only) and GPL-2.0-or-later and LGPL-2.0-or-later and LGPL-2.1-or-later
Summary: QML based login manager for SonicDE Summary: QML based login manager for SonicDE
@ -211,9 +211,8 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/kcm_plasmalogin.desk
%changelog %changelog
* Tue Jun 30 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 6.6.4-12 * Tue Jun 30 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 6.6.4-13
- Add SELinux policy module to allow plasmalogin to launch X11 user sessions - Add SELinux policy dependency to label plasmalogin binaries as xdm_exec_t
- Remove with_X11 condition since we will always be using X11
* Fri Apr 10 2026 Steve Cossette <farchord@gmail.com> - 6.6.4-1 * Fri Apr 10 2026 Steve Cossette <farchord@gmail.com> - 6.6.4-1
- 6.6.4 - 6.6.4

View file

@ -1,42 +0,0 @@
From: Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com>
Date: Thu, 02 Jul 2026 12:00:00 +0000
Subject: [PATCH] Batch strut-triggered workspace rearranges to reduce stutter
When a panel animates between floating and docked states it can change
its strut several times in quick succession. KWin handled those by
calling Workspace::rearrange() immediately, which recalculates work areas
and calls checkWorkspacePosition() on every client. That O(n) work on
every strut update causes visible stutter on X11 when other animations
are running.
Use the existing scheduleRearrange() path instead and bump its timer
from 0 ms to 50 ms so rapid strut changes are coalesced into a single
re-layout. This keeps the work area correct while reducing the amount
of synchronous work done during panel transitions.
---
src/events.cpp | 2 +-
src/workspace.cpp | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- a/src/events.cpp 2026-04-08 10:00:41.000000000 -0300
+++ b/src/events.cpp 2026-07-02 12:20:39.184413094 -0300
@@ -398,7 +398,7 @@
}
if ((dirtyProperties & NET::WMStrut) != 0
|| (dirtyProperties2 & NET::WM2ExtendedStrut) != 0) {
- workspace()->rearrange();
+ workspace()->scheduleRearrange();
}
if ((dirtyProperties & NET::WMIcon) != 0) {
getIcons();
--- a/src/workspace.cpp 2026-04-08 10:00:41.000000000 -0300
+++ b/src/workspace.cpp 2026-07-02 12:20:49.966586529 -0300
@@ -2178,7 +2178,7 @@
void Workspace::scheduleRearrange()
{
- m_rearrangeTimer.start(0);
+ m_rearrangeTimer.start(50);
}
void Workspace::rearrange()

View file

@ -4,7 +4,7 @@
Name: sonic-win Name: sonic-win
Version: 6.6.4 Version: 6.6.4
Release: 12%{?dist} Release: 11%{?dist}
Summary: KDE Window manager Summary: KDE Window manager
License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT
@ -18,7 +18,6 @@ URL: https://github.com/Sonic-DE/%{name}
Source0: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
## upstream patches ## upstream patches
Patch0: sonic-win-6.6.4-strut-throttle.patch
## proposed patches ## proposed patches
@ -298,10 +297,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/xdg/Xwayland-session.d
%changelog %changelog
* Thu Jul 02 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 6.6.4-12
- Batch strut-triggered workspace rearranges to reduce stutter during panel
state transitions.
* Sun Apr 12 2026 Steve Cossette <farchord@gmail.com> - 6.6.4-2 * Sun Apr 12 2026 Steve Cossette <farchord@gmail.com> - 6.6.4-2
- Added evdev as BR for controller support (#22) - Added evdev as BR for controller support (#22)

View file

@ -1,114 +0,0 @@
From: Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com>
Date: Thu, 02 Jul 2026 13:00:00 +0000
Subject: [PATCH] Reduce per-frame compositor work during panel floating animation
PanelView::updateMask() is called once per animation frame while the
panel transitions between docked and floating. It calls
KWindowEffects::enableBlurBehind() and enableBackgroundContrast() which
update the compositor's effect region via X11/D-Bus. Doing this for
every frame causes visible stutter when other animations are running.
Additionally, the animation's valueChanged handler was calling
positionAndResizePanel() every frame, which calls setGeometry(),
emits availableScreenRegionChanged() and calls slideWindow() every
frame even though the panel's X window geometry is constant during the
animation.
Coalesce the blur/contrast updates with a 50 ms single-shot timer and
replace the per-frame positionAndResizePanel() call with a lightweight
updateMask() call. Finalize geometry and effects once when the
animation finishes. This keeps the QML geometry/opacity animation
smooth while drastically reducing synchronous work sent to the
compositor.
---
shell/panelview.cpp | 19 +++++++++++++++++++
shell/panelview.h | 5 +++++
2 files changed, 24 insertions(+)
--- a/shell/panelview.h 2026-04-08 06:33:10.000000000 -0300
+++ b/shell/panelview.h 2026-07-02 13:09:59.011179892 -0300
@@ -8,6 +8,7 @@
#include <Plasma/Theme>
#include <QPointer>
+#include <QAbstractAnimation>
#include <QPropertyAnimation>
#include <QTimer>
#include <QWindow> // For WId
@@ -306,6 +307,7 @@
void adaptToScreen();
void handleQmlStatusChange(QQmlComponent::Status status);
void updateMask();
+ void applyPendingMaskUpdate();
void updateEnabledBorders();
void updatePadding();
void updateFloating();
@@ -363,6 +365,9 @@
LengthMode m_lengthMode;
Plasma::Theme m_theme;
QTimer m_unhideTimer;
+ QTimer m_maskThrottleTimer;
+ bool m_pendingMaskUpdate = false;
+ bool m_forceMaskUpdate = false;
Plasma::Types::BackgroundHints m_backgroundHints;
KSvg::FrameSvg::EnabledBorders m_enabledBorders = KSvg::FrameSvg::AllBorders;
QPointer<QScreen> m_lastScreen;
--- a/shell/panelview.cpp 2026-04-08 06:33:10.000000000 -0300
+++ b/shell/panelview.cpp 2026-07-02 13:39:01.337688294 -0300
@@ -111,6 +111,10 @@
m_strutsTimer.setSingleShot(true);
connect(&m_strutsTimer, &QTimer::timeout, this, &PanelView::updateExclusiveZone);
+ m_maskThrottleTimer.setSingleShot(true);
+ m_maskThrottleTimer.setInterval(50ms);
+ connect(&m_maskThrottleTimer, &QTimer::timeout, this, &PanelView::applyPendingMaskUpdate);
+
connect(m_corona, &Plasma::Corona::editModeChanged, this, &PanelView::updateEditModeLabel);
// Register enums
@@ -1304,6 +1308,17 @@
return;
}
+ if (m_floatingnessAnimation.state() == QAbstractAnimation::Running && !m_forceMaskUpdate) {
+ m_pendingMaskUpdate = true;
+ if (!m_maskThrottleTimer.isActive()) {
+ m_maskThrottleTimer.start();
+ }
+ return;
+ }
+
+ m_forceMaskUpdate = false;
+ m_pendingMaskUpdate = false;
+
// Popups now align to the mask, without it they appear in the wrong position
// always create it and show blur and contrast when needed
QRegion mask;
@@ -1364,6 +1379,14 @@
}
}
+void PanelView::applyPendingMaskUpdate()
+{
+ if (m_pendingMaskUpdate) {
+ m_forceMaskUpdate = true;
+ updateMask();
+ }
+}
+
bool PanelView::canSetStrut() const
{
// read the wm name, need to do this every time which means a roundtrip unfortunately
@@ -1587,10 +1610,10 @@
return;
}
m_floatingness = get<double>(value);
- positionAndResizePanel();
+ updateMask();
});
connect(&m_floatingnessAnimation, &QPropertyAnimation::finished, rootObject, [this]() {
- updateMask();
+ positionAndResizePanel();
});
connect(rootObject, SIGNAL(minPanelHeightChanged()), this, SLOT(updatePadding()));
connect(rootObject, SIGNAL(minPanelWidthChanged()), this, SLOT(updatePadding()));

View file

@ -7,7 +7,7 @@
Name: sonic-workspace Name: sonic-workspace
Summary: Plasma workspace, applications and applets Summary: Plasma workspace, applications and applets
Version: 6.6.4 Version: 6.6.4
Release: 15%{?dist} Release: 13%{?dist}
# Automatically converted from old format: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT - review is highly recommended. # Automatically converted from old format: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT - review is highly recommended.
License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT License: BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-only AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND LGPL-3.0-only AND LGPL-3.0-or-later AND (GPL-2.0-only OR GPL-3.0-only) AND (LGPL-2.1-only OR LGPL-3.0-only) AND MIT
@ -37,7 +37,6 @@ Source40: ssh-agent.conf
Source41: spice-vdagent.conf Source41: spice-vdagent.conf
## upstream patches ## upstream patches
Patch0: sonic-workspace-6.6.4-mask-throttle.patch
## upstreamable Patches ## upstreamable Patches
@ -691,15 +690,6 @@ fi
%changelog %changelog
* Thu Jul 02 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 6.6.4-15
- Reduce per-frame compositor work during panel floating animation:
throttle blur/contrast mask updates and avoid setGeometry/slideWindow
calls on every animation frame.
* Thu Jul 02 2026 Anders da Silva Rytter Hansen <andersrh@users.noreply.github.com> - 6.6.4-14
- Handle zero-duration floating panel animation so the panel can switch states
instantly without stutter.
* Fri Apr 10 2026 Steve Cossette <farchord@gmail.com> - 6.6.4-1 * Fri Apr 10 2026 Steve Cossette <farchord@gmail.com> - 6.6.4-1
- 6.6.4 - 6.6.4