Blame SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch

2ce8eb
From 1919a8ab86c99b47ba86dc697abcdf3343b0aafa Mon Sep 17 00:00:00 2001
2ce8eb
From: Jan Grulich <jgrulich@redhat.com>
2ce8eb
Date: Tue, 1 Feb 2022 14:31:05 +0100
2ce8eb
Subject: Add vncsession-restore script to restore SELinux context
2ce8eb
2ce8eb
The vncsession-restore script is used in the ExecStartPre option
2ce8eb
for systemd service file in order to properly start the session
2ce8eb
in case the policy is updated (e.g. after Tigervnc update).
2ce8eb
2ce8eb
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
2ce8eb
index ae69dc09..04eb6fc4 100644
2ce8eb
--- a/unix/vncserver/CMakeLists.txt
2ce8eb
+++ b/unix/vncserver/CMakeLists.txt
2ce8eb
@@ -2,6 +2,7 @@ add_executable(vncsession vncsession.c)
2ce8eb
 target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
2ce8eb
 
2ce8eb
 configure_file(vncserver@.service.in vncserver@.service @ONLY)
2ce8eb
+configure_file(vncsession-restore.in vncsession-restore @ONLY)
2ce8eb
 configure_file(vncsession-start.in vncsession-start @ONLY)
2ce8eb
 configure_file(vncserver.in vncserver @ONLY)
2ce8eb
 configure_file(vncsession.man.in vncsession.man @ONLY)
2ce8eb
@@ -20,4 +21,5 @@ install(FILES HOWTO.md DESTINATION ${CMAKE_INSTALL_FULL_DOCDIR})
2ce8eb
 if(INSTALL_SYSTEMD_UNITS)
2ce8eb
   install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncserver@.service DESTINATION ${CMAKE_INSTALL_FULL_UNITDIR})
2ce8eb
   install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-start DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
2ce8eb
+  install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-restore DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
2ce8eb
 endif()
2ce8eb
diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
2ce8eb
index 39f81b73..a83e05a3 100644
2ce8eb
--- a/unix/vncserver/vncserver@.service.in
2ce8eb
+++ b/unix/vncserver/vncserver@.service.in
2ce8eb
@@ -35,6 +35,7 @@ After=syslog.target network.target
2ce8eb
 
2ce8eb
 [Service]
2ce8eb
 Type=forking
2ce8eb
+ExecStartPre=+@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-restore %i
2ce8eb
 ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i
2ce8eb
 PIDFile=/run/vncsession-%i.pid
2ce8eb
 SELinuxContext=system_u:system_r:vnc_session_t:s0
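Review bot: The `+` prefix on the added `ExecStartPre=` line deserves a comment in the unit file, because it changes how the helper runs. systemd executes `+`-prefixed commands with full privileges and does not apply `SELinuxContext=` or `User=`-style restrictions to them, which is presumably what lets the relabel succeed. It also means vncsession-restore processes the instance name `%i` with full privileges, and any non-zero exit from it stops `ExecStart=` from running. I would add above the line `# "+" = full privileges, SELinuxContext= below is not applied; needed so the helper can relabel ~/.vnc`. The `[Service]` section continues outside the hunk.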
2ce8eb
diff --git a/unix/vncserver/vncsession-restore.in b/unix/vncserver/vncsession-restore.in
2ce8eb
new file mode 100644
2ce8eb
index 00000000..d3abc57d
2ce8eb
--- /dev/null
2ce8eb
+++ b/unix/vncserver/vncsession-restore.in
2ce8eb
@@ -0,0 +1,68 @@
2ce8eb
+#!/bin/bash
2ce8eb
+#
2ce8eb
+#  Copyright 2022 Jan Grulich <jgrulich@redhat.com>
2ce8eb
+#
2ce8eb
+#  This is free software; you can redistribute it and/or modify
2ce8eb
+#  it under the terms of the GNU General Public License as published by
2ce8eb
+#  the Free Software Foundation; either version 2 of the License, or
2ce8eb
+#  (at your option) any later version.
2ce8eb
+#
2ce8eb
+#  This software is distributed in the hope that it will be useful,
2ce8eb
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
2ce8eb
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
2ce8eb
+#  GNU General Public License for more details.
2ce8eb
+#
2ce8eb
+#  You should have received a copy of the GNU General Public License
2ce8eb
+#  along with this software; if not, write to the Free Software
2ce8eb
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
2ce8eb
+#  USA.
2ce8eb
+#
2ce8eb
+
2ce8eb
+USERSFILE="@CMAKE_INSTALL_FULL_SYSCONFDIR@/tigervnc/vncserver.users"
2ce8eb
+
2ce8eb
+if [ $# -ne 1 ]; then
2ce8eb
+	echo "Syntax:" >&2
2ce8eb
+	echo "    $0 <display>" >&2
2ce8eb
+	exit 1
2ce8eb
+fi
2ce8eb
+
2ce8eb
+if [ ! -f "${USERSFILE}" ]; then
2ce8eb
+	echo "Users file ${USERSFILE} missing" >&2
2ce8eb
+	exit 1
2ce8eb
+fi
2ce8eb
+
2ce8eb
+DISPLAY="$1"
2ce8eb
+
2ce8eb
+USER=`grep "^ *${DISPLAY}=" "${USERSFILE}" 2>/dev/null | head -1 | cut -d = -f 2- | sed 's/ *$//g'`
2ce8eb
+
2ce8eb
+if [ -z "${USER}" ]; then
2ce8eb
+	echo "No user configured for display ${DISPLAY}" >&2
2ce8eb
+	exit 1
2ce8eb
+fi
2ce8eb
+
2ce8eb
+USER_HOMEDIR=`getent passwd ${USER} | cut -f6 -d:`
2ce8eb
+
2ce8eb
+if [ -z "${USER_HOMEDIR}" ]; then
2ce8eb
+	echo "Failed to get home directory for ${USER}" >&2
2ce8eb
+	exit 1
2ce8eb
+fi
2ce8eb
+
2ce8eb
+if [ ! -d "${USER_HOMEDIR}/.vnc" ]; then
2ce8eb
+	exit 0
2ce8eb
+fi
2ce8eb
+
2ce8eb
+MATCHPATHCON=`which matchpathcon`
2ce8eb
+
2ce8eb
+if [ $? -eq 0 ]; then
2ce8eb
+	${MATCHPATHCON} -V "${USER_HOMEDIR}/.vnc" &>/dev/null
2ce8eb
+	if [ $? -eq 0 ]; then
2ce8eb
+		exit 0
2ce8eb
+	fi
2ce8eb
+fi
2ce8eb
+
2ce8eb
+RESTORECON=`which restorecon`
2ce8eb
+
2ce8eb
+if [ $? -eq 0 ]; then
2ce8eb
+	exec "${RESTORECON}" -R "${USER_HOMEDIR}/.vnc" >&2
2ce8eb
+	return $?
2ce8eb
+fi
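Review bot: `getent passwd ${USER}` expands the name read from vncserver.users without quotes, so a value containing whitespace or glob characters is split into several arguments. This matters more because the script runs with full privileges, via the `+`-prefixed `ExecStartPre=` added in this same patch. Quote it: `USER_HOMEDIR=$(getent passwd "${USER}" | cut -f6 -d:)`. The `return $?` after `exec "${RESTORECON}" ...` can be dropped, since it is never reached when exec succeeds and `return` is not valid at the top level of an executed script. Because `restorecon -R` walks a directory the session user can write to, it is worth confirming that recursing there as root is acceptable for the policy in use; `command -v` would also avoid depending on `which` being installed.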