Bug 796315 – make cirrus black list more SELinux friendly

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 796315 - make cirrus black list more SELinux friendly


Summary:	make cirrus black list more SELinux friendly


Status:	RESOLVED FIXED

Product:	gdm
Classification:	Core
Component:	general
Version:	unspecified
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	GDM maintainers
QA Contact:	GDM maintainers

URL:
Whiteboard:

Duplicates:	796311 796314 (view as bug list)
Depends on:
Blocks:

Reported:	2018-05-21 17:11 UTC by Ray Strode [halfline]
Modified:	2018-06-20 16:09 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
utils: add new gdm-disable-wayland binary (4.17 KB, patch) 2018-05-21 17:11 UTC, Ray Strode [halfline]	committed	Details \| Review
data: change cirrus blacklist to use gdm-disable-wayland (3.04 KB, patch) 2018-05-21 17:11 UTC, Ray Strode [halfline]	committed	Details \| Review

Description Ray Strode [halfline] 2018-05-21 17:11:32 UTC

It's too hard to ensure custom.conf gets the right security label when
it's created by printf from the udev rule.

If we do the editing in a separate binary, that binary can transition to
the right context and the ensure the label is correct.

Comment 1 Ray Strode [halfline] 2018-05-21 17:11:40 UTC

Created attachment 372313 [details] [review]
utils: add new gdm-disable-wayland binary

We currently disable wayland for cirrus by calling printf
from a udev rule.  This works, but it's a little too open
coded to easily write SELinux policy for.

This commit introduces a new program, gdm-disable-wayland,
that does the same thing, but in a dedicated binary.

A future commit will change the udev rule to use the binary.

Comment 2 Ray Strode [halfline] 2018-05-21 17:11:44 UTC

Created attachment 372314 [details] [review]
data: change cirrus blacklist to use gdm-disable-wayland

Now that we have a gdm-disable-wayland binary for disabling
wayland at boot, we should use it.

This commit changes the cirrus udev rule to use gdm-disable-wayland,
rather than running sh and printf.

Comment 3 Ray Strode [halfline] 2018-05-21 17:12:08 UTC

Attachment 372313 [details] pushed as 2dc57da - utils: add new gdm-disable-wayland binary
Attachment 372314 [details] pushed as a913eea - data: change cirrus blacklist to use gdm-disable-wayland

Comment 4 Ray Strode [halfline] 2018-05-21 17:40:56 UTC

*** Bug 796314 has been marked as a duplicate of this bug. ***

Comment 5 Ray Strode [halfline] 2018-05-21 17:41:15 UTC

*** Bug 796311 has been marked as a duplicate of this bug. ***

Comment 6 Debarshi Ray 2018-06-20 16:09:49 UTC

This is might also fix https://gitlab.gnome.org/GNOME/gdm/issues/394 in gnome-3-28.