Blame SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch

601a16
From 1919a8ab86c99b47ba86dc697abcdf3343b0aafa Mon Sep 17 00:00:00 2001
601a16
From: Jan Grulich <jgrulich@redhat.com>
601a16
Date: Tue, 1 Feb 2022 14:31:05 +0100
601a16
Subject: Add vncsession-restore script to restore SELinux context
601a16
601a16
The vncsession-restore script is used in the ExecStartPre option
601a16
for systemd service file in order to properly start the session
601a16
in case the policy is updated (e.g. after Tigervnc update).
601a16
601a16
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
d7e56c
index ae69dc09..04eb6fc4 100644
601a16
--- a/unix/vncserver/CMakeLists.txt
601a16
+++ b/unix/vncserver/CMakeLists.txt
601a16
@@ -2,6 +2,7 @@ add_executable(vncsession vncsession.c)
601a16
 target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
d7e56c
 
601a16
 configure_file(vncserver@.service.in vncserver@.service @ONLY)
601a16
+configure_file(vncsession-restore.in vncsession-restore @ONLY)
601a16
 configure_file(vncsession-start.in vncsession-start @ONLY)
601a16
 configure_file(vncserver.in vncserver @ONLY)
d7e56c
 configure_file(vncsession.man.in vncsession.man @ONLY)
d7e56c
@@ -20,4 +21,5 @@ install(FILES HOWTO.md DESTINATION ${CMAKE_INSTALL_FULL_DOCDIR})
601a16
 if(INSTALL_SYSTEMD_UNITS)
601a16
   install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncserver@.service DESTINATION ${CMAKE_INSTALL_FULL_UNITDIR})
601a16
   install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-start DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
601a16
+  install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-restore DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
601a16
 endif()
601a16
diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
d7e56c
index 39f81b73..a83e05a3 100644
601a16
--- a/unix/vncserver/vncserver@.service.in
601a16
+++ b/unix/vncserver/vncserver@.service.in
601a16
@@ -35,6 +35,7 @@ After=syslog.target network.target
d7e56c
 
601a16
 [Service]
601a16
 Type=forking
601a16
+ExecStartPre=+@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-restore %i
601a16
 ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i
601a16
 PIDFile=/run/vncsession-%i.pid
601a16
 SELinuxContext=system_u:system_r:vnc_session_t:s0
601a16
diff --git a/unix/vncserver/vncsession-restore.in b/unix/vncserver/vncsession-restore.in
601a16
new file mode 100644
601a16
index 00000000..d3abc57d
601a16
--- /dev/null
601a16
+++ b/unix/vncserver/vncsession-restore.in
601a16
@@ -0,0 +1,68 @@
601a16
+#!/bin/bash
601a16
+#
601a16
+#  Copyright 2022 Jan Grulich <jgrulich@redhat.com>
601a16
+#
601a16
+#  This is free software; you can redistribute it and/or modify
601a16
+#  it under the terms of the GNU General Public License as published by
601a16
+#  the Free Software Foundation; either version 2 of the License, or
601a16
+#  (at your option) any later version.
601a16
+#
601a16
+#  This software is distributed in the hope that it will be useful,
601a16
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
601a16
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
601a16
+#  GNU General Public License for more details.
601a16
+#
601a16
+#  You should have received a copy of the GNU General Public License
601a16
+#  along with this software; if not, write to the Free Software
601a16
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
601a16
+#  USA.
601a16
+#
601a16
+
601a16
+USERSFILE="@CMAKE_INSTALL_FULL_SYSCONFDIR@/tigervnc/vncserver.users"
601a16
+
601a16
+if [ $# -ne 1 ]; then
601a16
+	echo "Syntax:" >&2
601a16
+	echo "    $0 <display>" >&2
601a16
+	exit 1
601a16
+fi
601a16
+
601a16
+if [ ! -f "${USERSFILE}" ]; then
601a16
+	echo "Users file ${USERSFILE} missing" >&2
601a16
+	exit 1
601a16
+fi
601a16
+
601a16
+DISPLAY="$1"
601a16
+
601a16
+USER=`grep "^ *${DISPLAY}=" "${USERSFILE}" 2>/dev/null | head -1 | cut -d = -f 2- | sed 's/ *$//g'`
601a16
+
601a16
+if [ -z "${USER}" ]; then
601a16
+	echo "No user configured for display ${DISPLAY}" >&2
601a16
+	exit 1
601a16
+fi
601a16
+
601a16
+USER_HOMEDIR=`getent passwd ${USER} | cut -f6 -d:`
601a16
+
601a16
+if [ -z "${USER_HOMEDIR}" ]; then
601a16
+	echo "Failed to get home directory for ${USER}" >&2
601a16
+	exit 1
601a16
+fi
601a16
+
601a16
+if [ ! -d "${USER_HOMEDIR}/.vnc" ]; then
601a16
+	exit 0
601a16
+fi
601a16
+
601a16
+MATCHPATHCON=`which matchpathcon`
601a16
+
601a16
+if [ $? -eq 0 ]; then
601a16
+	${MATCHPATHCON} -V "${USER_HOMEDIR}/.vnc" &>/dev/null
601a16
+	if [ $? -eq 0 ]; then
601a16
+		exit 0
601a16
+	fi
601a16
+fi
601a16
+
601a16
+RESTORECON=`which restorecon`
601a16
+
601a16
+if [ $? -eq 0 ]; then
601a16
+	exec "${RESTORECON}" -R "${USER_HOMEDIR}/.vnc" >&2
601a16
+	return $?
601a16
+fi