* [PATCH 0/2] rootless x support v2
@ 2011-02-23  2:14 Yu Ke
  2011-02-23  2:14 ` [PATCH 1/2] xf86-video-intel: add config option to support rootless X Yu Ke
  2011-02-23  2:14 ` [PATCH 2/2] xserver-nodm-init: add rootless-x support Yu Ke
  0 siblings, 2 replies; 3+ messages in thread
From: Yu Ke @ 2011-02-23  2:14 UTC (permalink / raw)
  To: poky

This patch set adds the rootless X support (a.k.a. non-root X).

- What is rootless X
Rootless X allows X to be run as a non-root user, to gain better security.
Reference (https://wiki.ubuntu.com/X/Rootless) has more detailed info on this.

- What changes are made to support rootless X
To support rootless X, the whole stack, including kernel, graphics driver, X server
and userspace settings, is required to change. Fortunately, the former three
already have the required changes upstream, so this patchset only adds the userspace
settings to enable rootless X.

- How to enable/disable rootless X
Not all machines support rootless X currently, because rootless X requires kernel
mode setting (KMS) in the graphics driver and not all graphics drivers support KMS,
so a per-machine config "ROOTLESS_X" is introduced to enable/disable rootless X.
So far, ROOTLESS_X is set for the atom_pc machine, because its graphics driver (the Intel
graphics driver) supports KMS well.

This patchset has been tested on the atom-pc and qemux86 machines with the poky-image-sato image.

Changes compared to v1:
- change the user name from yocto to xuser

Pull URL: git://git.pokylinux.org/poky-contrib.git
  Branch: kyu3/nonrootx
  Browse: http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=kyu3/nonrootx

Thanks,
    Yu Ke <ke.yu@intel.com>
---


Yu Ke (2):
  xf86-video-intel: add config option to support rootless X
  xserver-nodm-init: add rootless-x support

 meta/conf/machine/atom-pc.conf                     |    2 +
 .../x11-common/xserver-nodm-init.bb                |   22 +++++++++++++++++++-
 .../x11-common/xserver-nodm-init/Xusername         |    1 +
 .../x11-common/xserver-nodm-init/xserver-nodm      |    4 +++
 .../xorg-driver/xf86-video-intel_2.14.0.bb         |    5 ++++
 5 files changed, 33 insertions(+), 1 deletions(-)
 create mode 100644 meta/recipes-graphics/x11-common/xserver-nodm-init/Xusername




* [PATCH 1/2] xf86-video-intel: add config option to support rootless X
From: Yu Ke @ 2011-02-23  2:14 UTC (permalink / raw)
  To: poky

- add global config option ROOTLESS_X to control whether to enable
  rootless X for the machine. ROOTLESS_X requires a graphics
  driver supporting KMS (kernel mode setting); so far, only
  atom_pc supports this, so enable ROOTLESS_X for the atom_pc machine

- add config options for xf86-video-intel to support rootless X

Signed-off-by: Yu Ke <ke.yu@intel.com>
---
 meta/conf/machine/atom-pc.conf                     |    2 ++
 .../xorg-driver/xf86-video-intel_2.14.0.bb         |    5 +++++
 2 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/meta/conf/machine/atom-pc.conf b/meta/conf/machine/atom-pc.conf
index 58c9b0d..b94deb2 100644
--- a/meta/conf/machine/atom-pc.conf
+++ b/meta/conf/machine/atom-pc.conf
@@ -42,3 +42,5 @@ GLIBC_ADDONS = "nptl"
 GLIBC_EXTRA_OECONF = "--with-tls"
 
 EXTRA_OECONF_append_pn-matchbox-panel-2 = " --with-battery=acpi"
+
+ROOTLESS_X = "1"
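
Review bot: ROOTLESS_X is set here with a hard assignment and no comment explaining what it switches on. Since the cover letter describes it as a per-machine enable/disable knob, a weak assignment (ROOTLESS_X ?= "1") would let a distro or local configuration opt out, and a one-line comment above it should say that it requires a KMS-capable graphics driver and changes which user the X server runs as.
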
diff --git a/meta/recipes-graphics/xorg-driver/xf86-video-intel_2.14.0.bb b/meta/recipes-graphics/xorg-driver/xf86-video-intel_2.14.0.bb
index 017a2e0..099cf9d 100644
--- a/meta/recipes-graphics/xorg-driver/xf86-video-intel_2.14.0.bb
+++ b/meta/recipes-graphics/xorg-driver/xf86-video-intel_2.14.0.bb
@@ -9,8 +9,13 @@ Infrastructure (DRI)."
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=8730ad58d11c7bbad9a7066d69f7808e"
 
+PR = "r1"
+
 EXTRA_OECONF += "--disable-xvmc"
 
+# --enable-kms-only option is required by ROOTLESS_X
+EXTRA_OECONF += '${@base_conditional( "ROOTLESS_X", "1", " --enable-kms-only", "", d )}'
+
 DEPENDS += "virtual/libx11 libxvmc drm xf86driproto glproto \
 	    virtual/libgl xineramaproto xf86driproto libpciaccess"
 
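
Review bot: the new EXTRA_OECONF line makes the driver's configure flags depend on ROOTLESS_X, which patch 1 sets in a machine configuration file, so the built package now differs per machine. Unless the recipe or one of its includes already marks the package as machine-specific (not visible in these lines), it should do so, for example with PACKAGE_ARCH = "${MACHINE_ARCH}", otherwise two machines sharing a package architecture can pick up each other's build. The comment on the line above would also be more useful if it said why rootless X needs --enable-kms-only, not only that it does.
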
-- 
1.7.0.4




* [PATCH 2/2] xserver-nodm-init: add rootless-x support
From: Yu Ke @ 2011-02-23  2:14 UTC (permalink / raw)
  To: poky

Most rootless X work is already done in the kernel, xserver and
graphics driver; this patch adds the remaining userspace settings:

- create /etc/X11/Xusername to set the rootless X user
- add the rootless X user to groups video and tty to access /dev/tty[0-4]
  and /dev/dri/card0
- grant the rootless X user access rights to /dev/input/* and /var/log

Signed-off-by: Yu Ke <ke.yu@intel.com>
---
 .../x11-common/xserver-nodm-init.bb                |   22 +++++++++++++++++++-
 .../x11-common/xserver-nodm-init/Xusername         |    1 +
 .../x11-common/xserver-nodm-init/xserver-nodm      |    4 +++
 3 files changed, 26 insertions(+), 1 deletions(-)
 create mode 100644 meta/recipes-graphics/x11-common/xserver-nodm-init/Xusername

diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
index 03a6ca3..a93acc9 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
@@ -3,10 +3,11 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SECTION = "x11"
 PRIORITY = "optional"
-PR = "r23"
+PR = "r24"
 RDEPENDS_${PN} = "dbus-wait sudo"
 
 SRC_URI = "file://xserver-nodm \
+           file://Xusername \
            file://gplv2-license.patch"
 
 S = ${WORKDIR}
@@ -17,6 +18,25 @@ do_install() {
     install -d ${D}/etc
     install -d ${D}/etc/init.d
     install xserver-nodm ${D}/etc/init.d
+    if [ "${ROOTLESS_X}" = "1" ] ; then
+        install -d ${D}/etc/X11
+        install Xusername ${D}/etc/X11
+    fi
+}
+
+pkg_postinst_${PN} () {
+    if [ "x$D" != "x" ] ; then
+        exit 1
+    fi
+
+    if [ -f /etc/X11/Xusername ]; then
+        # create the rootless X user, and add user to group tty, video
+        username=`cat /etc/X11/Xusername`
+        adduser --disabled-password $username
+        # FIXME: use addgroup if busybox addgroup is ready
+        sed -i -e "s/^video:.*/&${username}/g" /etc/group
+        sed -i -e "s/^tty:.*/&${username}/g" /etc/group
+    fi
 }
 
 inherit update-rc.d
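
Review bot: the two sed lines in pkg_postinst append the user name to the group entry with no separator, as in sed -i -e "s/^video:.*/&${username}/g" /etc/group. That only gives a valid entry when the member list is empty; if video or tty already has members, the last existing name and the new one are fused into a single bogus name, and the existing member silently loses the group. The append is also not idempotent, so a package upgrade that re-runs the postinst adds the name a second time. Please insert a comma when the member field is non-empty and skip the edit when the user is already listed. Separately, $username is read from the file and passed to adduser unquoted and unchecked; quote it and bail out if it is empty, and check the adduser exit status so a user that already exists does not make the postinst fail.
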
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/Xusername b/meta/recipes-graphics/x11-common/xserver-nodm-init/Xusername
new file mode 100644
index 0000000..7060e5e
--- /dev/null
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/Xusername
@@ -0,0 +1 @@
+xuser
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
index 69ea949..d8c4ba0 100755
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@@ -30,6 +30,10 @@ case "$1" in
        echo "Starting Xserver"
        if [ -f /etc/X11/Xusername ]; then
            username=`cat /etc/X11/Xusername`
+           # setting for rootless X
+           chmod o+w /var/log
+           chmod g+r /dev/tty[0-3]
+           chmod o+rw /dev/input/*
        fi
        # Using sudo -i here has the nice side effect of making sire
        # HOME, USER and other previously problematic variables
-- 
1.7.0.4


