Fixed so config variables can pass an empty argument.
Solves issue #1791.
(cherry picked from commit dbb6ee4d70ce080b452791a5a6d0f7ec3ac78f91)
|
An empty shell field in the password file is valid, although not common.
Use /bin/sh in this case, as documented in the passwd(5) man page, since
the vncserver script requires a non-empty SHELL environment variable.
Fixes issue #1786.
Signed-off-by: Carlos Santos <casantos@redhat.com>
(cherry picked from commit 4db34f73d461b973867ddaf18bf690219229cd7a)
|
Avoid duplicating this complexity in too many places.
At the same time make the interface more identical to regular mkdir(),
for familiarity.
|
This is only needed because of an historical type change of the legacy
directory, so avoid doing it anywhere else.
|
The syslog file descriptor will be closed when we are cleaning up in
preparation for running the vncserver script, so we need to explicitly
reopen things in case we need to log errors.
At the same time, try to be polite and explicitly close the log when
appropriate.
|
E.g. pam_env.so might modify this variable, so we should see what we get
out of PAM when building a log file path.
|
There is too much variation between distributions for us to have a good
PAM configuration that works everywhere. Try to make this more obvious
by having a comment at the top of the file.
|
Allow for alternative user config locations, deprecate `~/.vnc` in favour of XDG Base Directory Specification paths
|
The norm is that the install target is read only from the point of view
of the source and build directory, so avoid accidentally triggering any
build.
|
Make it easier to work iteratively by not having to remove the output
file each time.
|
Option is -D, which is what sshd uses for the same option.
Also add description of the new option to the vncsession
man page.
Tested on Void Linux using the new option, also tested on
Fedora without using the new option.
Resolves #1649
|
Addresses the following AVC denial:
type=PROCTITLE msg=audit(01/12/2023 02:58:12.648:696) : proctitle=/usr/sbin/vncsession fedora :1
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=1 name=/home/fedora/.vnc nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(01/12/2023 02:58:12.648:696) : item=0 name=/home/fedora/ inode=262145 dev=fc:02 mode=dir,700 ouid=fedora ogid=fedora rdev=00:00 obj=unconfined_u:object_r:user_home_dir_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(01/12/2023 02:58:12.648:696) : cwd=/home/fedora
type=SYSCALL msg=audit(01/12/2023 02:58:12.648:696) : arch=x86_64 syscall=mkdir success=no exit=EACCES(Permission denied) a0=0x7fff47d52540 a1=0755 a2=0x0 a3=0x0 items=2 ppid=2869 pid=2880 auid=fedora uid=fedora gid=fedora euid=fedora suid=fedora fsuid=fedora egid=fedora sgid=fedora fsgid=fedora tty=(none) ses=8 comm=vncsession exe=/usr/sbin/vncsession subj=system_u:system_r:vnc_session_t:s0 key=(null)
type=AVC msg=audit(01/12/2023 02:58:12.648:696) : avc: denied { create } for pid=2880 comm=vncsession name=.vnc scontext=system_u:system_r:vnc_session_t:s0 tcontext=system_u:object_r:vnc_home_t:s0 tclass=dir permissive=0
Resolves: rhbz#2143704
|
These types caused an incorrect signed/unsigned behaviour, so let's make
sure we use the appropriate type.
|
gcc can get upset if they aren't in this order.
|
This allows us to separate accidentally unused, from explicitly unused
parameters, which allows us to turn on such checks in the compiler.
|
Delay startup of VNC sessions until user databases are up and running.
This is the same ordering that GDM imposes to make sure users can
actually log in.
|
We need to get to the point of starting the session script before we
consider things a success. So this can fail in many different ways, not
just the daemonization. Adjust the error message to something more
generic to reflect this.
|
Instead of HOME_ROOT/.vnc, /root/.vnc should be used
for user root's home to specify default file context
as HOME_ROOT actually means base for home dirs (usually /home).
|
There is no such thing as XDG_DESKTOP_NAMES.
|
The new vnc_home_t type for HOME/.vnc directory was added to the policy,
backed by a name transition. The vnc_session_t domain can manage files
and directories of this type.
|
The permissions set to manage directories and files with the nfs_t type
is allowed when the use_nfs_home_dirs boolean is turned on.
Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
|
Sections and rules blocks reordered according to the Style guide.
https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
|
Style guide [1] issues only. No impact on policy functionality.
[1] - https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
|
Some operating systems such as FreeBSD don't define a HOST_NAME_MAX
macro. The portable approach to determine the real host name limit is
calling sysconf(_SC_HOST_NAME_MAX) so do that instead.
|
Give people a chance to know about the documentation.
|
It's almost mandatory to specify "session", but fairly rare to need to
set "desktop", so let's tweak the examples to avoid confusion and
mistakes.
|
Build flags control where this file ends up, so avoid assuming a
specific path in the HOWTO.
|
The line width was very inconsistent in this file, so standardise on the
common 72 characters.
|
stderr has been redirected to /dev/null so all logging needs to go to
syslog.
|
Major restructuring of how streams work. Neither input nor output
streams are now blocking. This avoids stalling the rest of the client or
server when a peer is slow or unresponsive.
Note that this puts an extra burden on users of streams to make sure
they are allowed to do their work once the underlying transports are
ready (e.g. monitoring fds).
|
This is what display managers do, so it is expected by many
environments.
|
We terminated the child instead of the parent after fork().
Reported by Jan Grulich from Red Hat.
|
It is now dynamically generated, so it will be in the build directory
and not in the source directory.
|
Refer @CMAKE_INSTALL_FULL_SYSCONF@ instead.
|
This is needed by vncserver which doesn't know which parameters are
boolean, and it cannot use the -Param=Value form as that isn't tolerated
by the Xorg code.