| Commit message | Author | Age | Files | Lines |
|
Not sure why this got in there, but it is incorrect as it results in
creating files with too liberal permissions.
(cherry picked from commit 68f5097fd531b7c3429bc41e982e939c455f0c81)
|
This line affects every command run by the user, unlike everything else
in our policy which is just for vncserver/vncsession. It's easy to miss
this so add a comment pointing it out.
|
Allow vnc session labeled with SELinux vnc_session_t domain to create
directory in user homedir ~/.vnc labeled with SELinux label xdm_home_t.
Because also process vncpasswd creates ~/.vnc directory, file transition that
userdomain attribute SELinux domain (label for the process) can create the
directory with the same label needs to be added.
userdomain attribute contains following SELinux types:
auditadm_t
dbadm_t
guest_t
logadm_t
secadm_t
staff_t
staff_wine_t
sysadm_t
unconfined_t
user_t
user_wine_t
webadm_t
xguest_t
Signed-off-by: Lukas Vrabec <lvrabec@redhat.com>
|
If the X server is not shut down cleanly, it can leave UNIX domain
sockets around that "vncserver" has previously mis-identified as
evidence that the display number is still in use.
Instead of checking for existence of /tmp/.X11-unix/X<n>, the code
will now attempt to connect to the socket to confirm that there is a
server process listening on this UNIX domain socket. This will
eliminate false positives in the case the UNIX domain socket still
exists but is not associated with a listening Xorg server. The Xorg
server does not have a problem with fixing this file when it next
starts up. It is only important to avoid using the port if it is still
in use.
|
The display check and related setup code was complex due to
compatibility with Perl 4. This included different ways of obtaining
system constants and building system data structures. Perl 5 provides
direct constants and utility methods to abstract this out of the
vncserver code.
|
If the X server is not shut down cleanly, it may leave lock files
around that "vncserver" has previously mis-identified as evidence that
the display number is still in use.
Instead of checking for existence of /tmp/.X<n>-lock, the code will
now extract the PID from the lock file and confirm that a process
exists with the same PID. This will eliminate false positives in the
case that this file references a PID that no longer exists. The Xorg
server does not have a problem with fixing this file when it next
starts up. It is only important to avoid using the port if it is still
in use.
|
The display check had duplicate code to first check if the X11 port is
not in use, and then check that the RFB port is not in use. Eliminate
the duplicate code by using a for-loop.
|
Several calculated values such as file paths and port numbers were
hard coded within strings or expressions, sometimes multiple
times. These values should be extracted into named variables to
improve self-documentation and avoid accidental divergence.
|
Checking for the existence of `/tmp/.X<n>-lock` is a fast read-only
operation, while calls to bind() or connect() are more expensive and
may have side effects. Perform the fast operation first.
|
The check for existence of `/usr/spool/sockets/X11/<n>` has been
removed. This file is only relevant on HP-UX, and TigerVNC dropped
support for HP-UX in commit 31e5aa3.
|
It's quite easy to make a mistake and add an additional space when configuring
users in the vncserver.users config file. You will then get an error that the
user doesn't exist and it's hard to spot the mistake. Same applies for a space
before the display number.
|
vncsession-start is running in SELinux vnc_session_t domain because of
"SELinuxContext=system_u:system_r:vnc_session_t:s0" option in systemd
vncserver@.service unit file. vncsession-start executing binary
vncsession with SELinux label/type vnc_session_t. This access was not
allowed in vncsession policy.
|
This makes our builds directly compatible with most distributions
without packagers/users having to specify extra flags.
|
Running as a service on a SELinux system requires rules so we can
transition to our own context. We also need the proper permissions
to start new user sessions.
|
This sets up a more correct session as there are key tasks that
need to be performed by PAM. E.g. systemd will allocate cgroups
and start base services.
In order to easily handle this as a system service the mapping of
displays is now done via a configuration file.
|
Assume we are part of a complete and proper installation and encode the
full expected path into the vncserver script.
|
It keeps much better track of the X server and startup files than
we can do.
|
We need to be started as a system service for things to work correctly
anyway, so delegate the work of starting and stopping things to the
system service manager (e.g. systemd).
|
This is how display managers (e.g. gdm or lightdm) start sessions
and is necessary to get the proper set of environment variables.
|
We don't want to create files in the users home directory unless we
have to. Users can read about how this file works in our man pages.
|
We now have config files for more fine grained control of these
things, so avoid duplicating the functionality.
|
These might contain values we want if we are started from a proper
environment.
|
It is the most common init system these days so it should not be
hidden in the contrib/ directory.
This also removes all old SysV files from the contrib packages.
|
Install some example files to make things more easily discoverable.
|
When used with -fg we expect the startup script to remain running until
the session is over. This will not happen if the session command is put
in the background using &.
|
Applets don't work anymore so remove everything that has to do
with serving them.
|
for operating systems other than GNU/Linux.
mcookie is a part of util-linux. Usually only GNU/Linux systems have it.
Do not die even if mcookie is not found. Use the previous pure perl code
to generate cookie as fallback.
|
This commit introduces support for optional basic system-wide
configuration of vncserver.
The format and syntax of /etc/tigervnc/vncserver* match
that of $HOME/.vnc/config exactly.
Allows /etc/tigervnc/vncserver-config-defaults as well as
/etc/tigervnc/vncserver-config-mandatory. The former is optional
and sets user-overrideable vncserver settings. The latter is
optional, but if it exists takes precedence over all user
$HOME/.vnc/config settings of the same setting name. In the
case where /etc/tigervnc/vncserver-config-mandatory overrides
a setting in $HOME/.vnc/config, the user will be warned that
it has happened.
WARNING: Settings in /etc/tigervnc/vncserver-config-mandatory
are easily subverted by passing args to vncserver on the CLI.
The man page indicates this warning.
This commit also introduces (should have been separate) examination
of all config file settings (not just @ARGV!) when determining
whether or not $HOME/.vnc/passwd needs to be created. That is,
if /etc/tigervnc/vncserver* or $HOME/.vnc/config indicate that
we are NOT using VNC-native authentication, then we don't need
a $HOME/.vnc/passwd created.
Code cleanup:
$xstartup was renamed $xstartupFile for consistency with other
"file" variable names.
For VNC-auth checking, to determine if $HOME/.vnc/passwd needed
creation, the 3-string check against lc($arg2) was in 2 places
and was changed to a simple grep against the new @vncAuthStrings
|
The helper is no longer needed for clipboard support.
|
Old harmless copy/paste from code above left code confusing as it was reusing the filehandle "XSTARTUP" to write out $vncUserDir/config. This new small change uses a more topical filehandle name for the task at hand.
|
The rest of the code assumes xauth is in PATH, so let's check for
that instead.
|
When Xvnc fails to start, delete the pid file. Clean pid files of dead processes
when listing them as well.
|
This is plumbing that we shouldn't have to annoy the user with a
separate window for.
|
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@5061 3789f03b-4d11-0410-bbf8-ca57d06f2519
|
vncconfig is necessary to enable basic functionality of the TigerVNC system (clipboard transfer, most notably.) It isn't always going to be in the PATH, and in fact, there might be more than one version of it on the system (for instance, a version from RealVNC in /usr/bin and a version from TigerVNC in /opt/TigerVNC/bin.) If it is desirable to disable vncconfig under certain circumstances, then I would suggest adding a command-line option to vncserver to accomplish that.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4709 3789f03b-4d11-0410-bbf8-ca57d06f2519
|
the system locations. This prevents TigerVNC from picking up the Java classes from a RealVNC installation.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4691 3789f03b-4d11-0410-bbf8-ca57d06f2519
|
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4384 3789f03b-4d11-0410-bbf8-ca57d06f2519
|
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4383 3789f03b-4d11-0410-bbf8-ca57d06f2519
|