* [oe-core][PATCH] libx11: create tmpfile dir for x11 domain socket
@ 2025-10-02 0:30 rs
2025-10-06 10:38 ` Ross Burton
0 siblings, 1 reply; 3+ messages in thread
From: rs @ 2025-10-02 0:30 UTC (permalink / raw)
To: richard.purdie, ross.burton, mathieu.dubois-briand; +Cc: openembedded-core
From: Randolph Sapp <rs@ti.com>
Register a volatile directory entry for the x11 domain socket when not
using systemd. This will make sure the directory is always created with
the correct permissions. Systemd already provides their own tmpfile.d
entry for the same behavior.
Currently some x11 related applications will create this directory if it
doesn't already exist, but this is not true for everything. In addition,
if the application in question isn't started as root, it's possible this
directory can be owned by a non-root user. This isn't an issue by
itself, but it can potentially lead to problems in a multi-user
environment.
Signed-off-by: Randolph Sapp <rs@ti.com>
---
meta/recipes-graphics/xorg-lib/libx11/99_x11 | 1 +
meta/recipes-graphics/xorg-lib/libx11_1.8.12.bb | 15 +++++++++++++--
2 files changed, 14 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-graphics/xorg-lib/libx11/99_x11
diff --git a/meta/recipes-graphics/xorg-lib/libx11/99_x11 b/meta/recipes-graphics/xorg-lib/libx11/99_x11
new file mode 100644
index 0000000000..53c5b49d10
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libx11/99_x11
@@ -0,0 +1 @@
+d root root 1777 /tmp/.X11-unix none
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.8.12.bb b/meta/recipes-graphics/xorg-lib/libx11_1.8.12.bb
index 580e44889d..23a4b228a9 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.8.12.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.8.12.bb
@@ -21,7 +21,8 @@ PE = "1"
XORG_PN = "libX11"
-SRC_URI += "file://disable_tests.patch"
+SRC_URI += "file://disable_tests.patch \
+ file://99_x11"
SRC_URI[sha256sum] = "fa026f9bb0124f4d6c808f9aef4057aad65e7b35d8ff43951cef0abe06bb9a9a"
@@ -35,7 +36,17 @@ PACKAGECONFIG[xcms] = "--enable-xcms,--disable-xcms"
PACKAGES =+ "${PN}-xcb"
-FILES:${PN} += "${datadir}/X11/XKeysymDB ${datadir}/X11/XErrorDB ${datadir}/X11/Xcms.txt"
+do_install:append() {
+ # temporary directory required for x11 domain sockets
+ # systemd provides their own definition using tmpfiles.d
+ if ${@oe.utils.conditional('VIRTUAL-RUNTIME_init_manager', 'systemd', 'false', 'true', d)}; then
+ install -d ${D}${sysconfdir}/default/volatiles
+ install -m 0644 ${UNPACKDIR}/99_x11 ${D}${sysconfdir}/default/volatiles/99_x11
+ fi
+}
+
+FILES:${PN} += "${datadir}/X11/XKeysymDB ${datadir}/X11/XErrorDB ${datadir}/X11/Xcms.txt \
+ ${libdir}/tmpfiles.d/x11.conf ${sysconfdir}/default/volatiles/99_x11"
FILES:${PN}-xcb += "${libdir}/libX11-xcb.so.*"
FILES:${PN}-locale += "${datadir}/X11/locale ${libdir}/X11/locale"
--
2.51.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [oe-core][PATCH] libx11: create tmpfile dir for x11 domain socket
2025-10-02 0:30 [oe-core][PATCH] libx11: create tmpfile dir for x11 domain socket rs
@ 2025-10-06 10:38 ` Ross Burton
2025-10-06 17:21 ` Randolph Sapp
0 siblings, 1 reply; 3+ messages in thread
From: Ross Burton @ 2025-10-06 10:38 UTC (permalink / raw)
To: rs@ti.com
Cc: Richard Purdie, mathieu.dubois-briand@bootlin.com,
openembedded-core@lists.openembedded.org
On 2 Oct 2025, at 01:30, rs@ti.com wrote:
>
> From: Randolph Sapp <rs@ti.com>
>
> Register a volatile directory entry for the x11 domain socket when not
> using systemd. This will make sure the directory is always created with
> the correct permissions. Systemd already provides their own tmpfile.d
> entry for the same behavior.
>
> Currently some x11 related applications will create this directory if it
> doesn't already exist, but this is not true for everything. In addition,
> if the application in question isn't started as root, it's possible this
> directory can be owned by a non-root user. This isn't an issue by
> itself, but it can potentially lead to problems in a multi-user
> environment.
Feel like this should be in xserver (as the xserver is the one creating the sockets), not libx11.
Ross
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [oe-core][PATCH] libx11: create tmpfile dir for x11 domain socket
2025-10-06 10:38 ` Ross Burton
@ 2025-10-06 17:21 ` Randolph Sapp
0 siblings, 0 replies; 3+ messages in thread
From: Randolph Sapp @ 2025-10-06 17:21 UTC (permalink / raw)
To: Ross Burton, rs@ti.com
Cc: Richard Purdie, mathieu.dubois-briand@bootlin.com,
openembedded-core@lists.openembedded.org
On Mon Oct 6, 2025 at 5:38 AM CDT, Ross Burton wrote:
> On 2 Oct 2025, at 01:30, rs@ti.com wrote:
>>
>> From: Randolph Sapp <rs@ti.com>
>>
>> Register a volatile directory entry for the x11 domain socket when not
>> using systemd. This will make sure the directory is always created with
>> the correct permissions. Systemd already provides their own tmpfile.d
>> entry for the same behavior.
>>
>> Currently some x11 related applications will create this directory if it
>> doesn't already exist, but this is not true for everything. In addition,
>> if the application in question isn't started as root, it's possible this
>> directory can be owned by a non-root user. This isn't an issue by
>> itself, but it can potentially lead to problems in a multi-user
>> environment.
>
> Feel like this should be in xserver (as the xserver is the one creating the sockets), not libx11.
>
> Ross
Fair enough. That got me thinking though, with potentially multiple xserver
providers, and systemd already shipping it's own version of that tmpfiles entry,
should this instead be part of sysvinit? If anything, just to be symmetric?
- Randolph
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-10-06 17:21 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-02 0:30 [oe-core][PATCH] libx11: create tmpfile dir for x11 domain socket rs
2025-10-06 10:38 ` Ross Burton
2025-10-06 17:21 ` Randolph Sapp
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox