From 4f6ed4fe27d3dde8716c70d4a77a6f726da630bf Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jun 09 2020 20:25:54 +0000
Subject: import tigervnc-1.10.1-2.el8
---
diff --git a/SOURCES/tigervnc-systemd-support.patch b/SOURCES/tigervnc-systemd-support.patch
index 03a3d28..5db9320 100644
--- a/SOURCES/tigervnc-systemd-support.patch
+++ b/SOURCES/tigervnc-systemd-support.patch
@@ -599,10 +599,10 @@ index 0000000..904a2d5
 + install vncsession.pp $(DESTDIR)$(DATADIR)/selinux/packages/vncsession.pp
 diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
 new file mode 100644
-index 0000000..97fa075
+index 0000000..cd8b411
 --- /dev/null
 +++ b/unix/vncserver/selinux/vncsession.fc
-@@ -0,0 +1,23 @@
+@@ -0,0 +1,26 @@
 +#
 +# Copyright 2018 Pierre Ossman for Cendio AB
 +#
@@ -622,6 +622,9 @@ index 0000000..97fa075
 +# USA.
 +#
 +
++HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:vnc_session_home_t,s0)
++HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:vnc_session_home_t,s0)
++
 +/usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
 +/usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
 +
@@ -635,10 +638,10 @@ index 0000000..3eb6a30
 +##
 diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
 new file mode 100644
-index 0000000..43242e6
+index 0000000..af57994
 --- /dev/null
 +++ b/unix/vncserver/selinux/vncsession.te
-@@ -0,0 +1,57 @@
+@@ -0,0 +1,72 @@
 +#
 +# Copyright 2018-2020 Pierre Ossman for Cendio AB
 +#
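Review bot: The `HOME_ROOT/\.vnc(/.*)?` entry added to vncsession.fc probably does not label root's `.vnc` directory, because in file-context templates `HOME_ROOT` normally expands to the parent of the home directories (for example `/home`) rather than to `/root`, so the line would match `/home/.vnc`. If the intent, as the changelog suggests, is to cover the root user, an explicit entry such as `/root/\.vnc(/.*)? gen_context(system_u:object_r:vnc_session_home_t,s0)` states that directly. It is worth confirming with `matchpathcon /root/.vnc` against the built policy. Without a matching context, a relabel of root's home would presumably reset the type that the name transitions in vncsession.te assign.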
@@ -657,45 +660,60 @@ index 0000000..43242e6
 +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 +# USA.
 +#
-+
++
 +policy_module(vncsession, 1.0.0);
-+
++
++gen_require(`
++ type unconfined_t;
++')
++
 +type vnc_session_exec_t;
 +corecmd_executable_file(vnc_session_exec_t)
 +type vnc_session_t;
 +init_daemon_domain(vnc_session_t, vnc_session_exec_t)
 +auth_login_pgm_domain(vnc_session_t)
-+
++
++type vnc_session_home_t;
++userdom_user_home_content(vnc_session_home_t)
++
 +type vnc_session_var_run_t;
 +files_pid_file(vnc_session_var_run_t)
 +allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
 +files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
-+
++
 +auth_write_login_records(vnc_session_t)
-+
++
 +can_exec(vnc_session_t, vnc_session_exec_t)
-+
++
 +userdom_spec_domtrans_all_users(vnc_session_t)
 +userdom_signal_all_users(vnc_session_t)
-+
++
 +allow vnc_session_t self:capability { kill chown dac_override dac_read_search fowner setgid setuid sys_resource };
 +allow vnc_session_t self:process { getcap setsched setexec setrlimit };
 +allow vnc_session_t self:fifo_file rw_fifo_file_perms;
-+
++
++manage_files_pattern(vnc_session_t, vnc_session_home_t, vnc_session_home_t)
++manage_fifo_files_pattern(vnc_session_t, vnc_session_home_t, vnc_session_home_t)
++manage_sock_files_pattern(vnc_session_t, vnc_session_home_t, vnc_session_home_t)
++manage_lnk_files_pattern(vnc_session_t, vnc_session_home_t, vnc_session_home_t)
++userdom_user_home_dir_filetrans(vnc_session_t, vnc_session_home_t, {file dir})
++userdom_user_home_content_filetrans(vnc_session_t, vnc_session_home_t, {file dir})
++userdom_admin_home_dir_filetrans(vnc_session_t, vnc_session_home_t, dir, ".vnc")
++userdom_admin_home_dir_filetrans(unconfined_t, vnc_session_home_t, dir, ".vnc")
++
 +miscfiles_read_localization(vnc_session_t)
-+
++
 +kernel_read_kernel_sysctls(vnc_session_t)
-+
++
 +logging_append_all_logs(vnc_session_t)
-+
++
 +mcs_process_set_categories(vnc_session_t)
 +mcs_killall(vnc_session_t)
-+
++
 +# To create the log file in the user home directory
 +allow vnc_session_t file_type:dir search_dir_perms;
-+userdom_user_home_dir_filetrans_user_home_content(vnc_session_t, dir, ".vnc");
-+userdom_manage_user_home_content_dirs(vnc_session_t);
-+userdom_manage_user_home_content_files(vnc_session_t);
++#userdom_manage_user_home_content_dirs(vnc_session_t)
++#userdom_manage_user_home_content_files(vnc_session_t)
 diff --git a/unix/vncserver/tigervnc.pam b/unix/vncserver/tigervnc.pam
 new file mode 100644
 index 0000000..0f4cb3a
diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec
index b4a3f67..eb8761f 100644
--- a/SPECS/tigervnc.spec
+++ b/SPECS/tigervnc.spec
@@ -1,6 +1,6 @@
 Name: tigervnc
 Version: 1.10.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: A TigerVNC remote display system
 %global _hardened_build 1
@@ -345,6 +345,10 @@ fi
 %changelog
+* Tue May 26 2020 Jan Grulich - 1.10.1-2
+- Make the systemd service run also for root user
+ Resolves: bz#1790443
+
 * Mon Apr 27 2020 Jan Grulich - 1.10.1-1
 - Update to 1.10.1
 Resolves: bz#1806992
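Review bot: The two unnamed transitions added to vncsession.te, `userdom_user_home_dir_filetrans(vnc_session_t, vnc_session_home_t, {file dir})` and the `userdom_user_home_content_filetrans` line after it, give `vnc_session_home_t` to every file or directory vncsession creates under a user's home, while vncsession.fc labels only `.vnc` and the removed rule was limited to that name. Keeping the name, as the two admin-home lines already do (`userdom_user_home_dir_filetrans(vnc_session_t, vnc_session_home_t, dir, ".vnc")`), keeps the transitions and the file contexts in agreement. The new `manage_*_pattern` lines cover files, fifos, sockets and symlinks but no directory class, so creating `.vnc` itself may be denied unless a rule outside this hunk grants it; `manage_dirs_pattern(vnc_session_t, vnc_session_home_t, vnc_session_home_t)` would cover that. The transition declared for `unconfined_t`, a domain this module does not own, deserves a comment saying why it is needed. The two commented-out `#userdom_manage_user_home_content_*` lines are better deleted than kept.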