diff options
author | Piotr Karbowski <slashbeast@gentoo.org> | 2019-03-21 20:39:09 +0100 |
---|---|---|
committer | Piotr Karbowski <slashbeast@gentoo.org> | 2019-03-21 20:39:09 +0100 |
commit | bdd4b3309fef4c58066f9a5f88b4db448be19dfe (patch) | |
tree | 991d4ebf021e5e6f04c2669fb2398cedf3b2c06f /x11-base/xorg-server | |
parent | media-plugins/kodi-pvr-vuplus: 3.20.0 version bump (diff) | |
download | gentoo-bdd4b3309fef4c58066f9a5f88b4db448be19dfe.tar.gz gentoo-bdd4b3309fef4c58066f9a5f88b4db448be19dfe.tar.bz2 gentoo-bdd4b3309fef4c58066f9a5f88b4db448be19dfe.zip |
x11-base/xorg-server: elogind integration, -suid by default.
This enables users that does not run systemd to have suid-less Xorg. A
privileged entity is required for SETMASTER and DROPMASTER calls to get
control over framebuffer. Additionally elogind with udev grant user
access to input device nodes and elogind alone interfaces the
SETMASTER/DROPMASTER calls.
Xorg-server will do keeptty automatically, meaning one does not need to
pass any extra parameters to `startx` to get things working, It does
take adventage of $XDG_SEAT and $XDG_VTNR set by pam_elogind upon login.
Although it's possible to run rootless without udev (with any /dev
manager, like mdev of busybox), the configure flag that USE=elogind
enables (--enable-systemd-logind) checks if udev toggle is also enabled.
This leads to a situation where udev needs to be present on user system
while building, however, udev does not needs to be running, as long as
user is in video and input system groups, elogind is running and user
logged in when pam_elogind.so was enabled Xorg will start as regular
user.
Closes: https://bugs.gentoo.org/670930
Ack-by: Matt Turner <mattst88@gentoo.org>
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Piotr Karbowski <slashbeast@gentoo.org>
Diffstat (limited to 'x11-base/xorg-server')
-rw-r--r-- | x11-base/xorg-server/metadata.xml | 1 | ||||
-rw-r--r-- | x11-base/xorg-server/xorg-server-1.20.4.ebuild | 14 | ||||
-rw-r--r-- | x11-base/xorg-server/xorg-server-9999.ebuild | 14 |
3 files changed, 23 insertions, 6 deletions
diff --git a/x11-base/xorg-server/metadata.xml b/x11-base/xorg-server/metadata.xml index 74e52195b253..5c14eec54c86 100644 --- a/x11-base/xorg-server/metadata.xml +++ b/x11-base/xorg-server/metadata.xml @@ -7,6 +7,7 @@ </maintainer> <use> <flag name="dmx">Build the Distributed Multiheaded X server</flag> + <flag name="elogind">Use elogind to get control over framebuffer when running as regular user</flag> <flag name="glamor">Enable Glamor OpenGL 2D acceleration</flag> <flag name="kdrive">Build the kdrive X servers</flag> <flag name="unwind">Enable libunwind usage for backtraces</flag> diff --git a/x11-base/xorg-server/xorg-server-1.20.4.ebuild b/x11-base/xorg-server/xorg-server-1.20.4.ebuild index 6a9a3eb1cea4..e5f0a8e00eee 100644 --- a/x11-base/xorg-server/xorg-server-1.20.4.ebuild +++ b/x11-base/xorg-server/xorg-server-1.20.4.ebuild @@ -15,7 +15,7 @@ if [[ ${PV} != 9999* ]]; then fi IUSE_SERVERS="dmx kdrive wayland xephyr xnest xorg xvfb" -IUSE="${IUSE_SERVERS} debug +glamor ipv6 libressl minimal selinux +suid systemd +udev unwind xcsecurity" +IUSE="${IUSE_SERVERS} debug elogind +glamor ipv6 libressl minimal selinux suid systemd +udev unwind xcsecurity" CDEPEND=">=app-eselect/eselect-opengl-1.3.0 !libressl? ( dev-libs/openssl:0= ) @@ -81,7 +81,13 @@ CDEPEND=">=app-eselect/eselect-opengl-1.3.0 systemd? ( sys-apps/dbus sys-apps/systemd - )" + ) + elogind? ( + sys-apps/dbus + sys-auth/elogind + sys-auth/pambase[elogind] + ) + " DEPEND="${CDEPEND} sys-devel/flex @@ -107,6 +113,8 @@ PDEPEND=" REQUIRED_USE="!minimal? ( || ( ${IUSE_SERVERS} ) ) + elogind? ( udev ) + !suid? ( ^^ ( elogind systemd ) ) minimal? ( !glamor !wayland ) xephyr? ( kdrive )" @@ -156,8 +164,8 @@ pkg_setup() { $(use_enable udev config-udev) $(use_with doc doxygen) $(use_with doc xmlto) + $(usex !elogind $(use_enable systemd systemd-logind) '--enable-systemd-logind') $(use_with systemd systemd-daemon) - $(use_enable systemd systemd-logind) $(usex suid $(use_enable systemd suid-wrapper) '--disable-suid-wrapper') $(usex suid $(use_enable !systemd install-setuid) '--disable-install-setuid') --enable-libdrm diff --git a/x11-base/xorg-server/xorg-server-9999.ebuild b/x11-base/xorg-server/xorg-server-9999.ebuild index 187e506211e4..37a691793700 100644 --- a/x11-base/xorg-server/xorg-server-9999.ebuild +++ b/x11-base/xorg-server/xorg-server-9999.ebuild @@ -14,7 +14,7 @@ if [[ ${PV} != 9999* ]]; then fi IUSE_SERVERS="dmx kdrive wayland xephyr xnest xorg xvfb" -IUSE="${IUSE_SERVERS} debug +glamor ipv6 libressl minimal selinux +suid systemd +udev unwind xcsecurity" +IUSE="${IUSE_SERVERS} debug elogind +glamor ipv6 libressl minimal selinux suid systemd +udev unwind xcsecurity" CDEPEND=">=app-eselect/eselect-opengl-1.3.0 !libressl? ( dev-libs/openssl:0= ) @@ -80,7 +80,13 @@ CDEPEND=">=app-eselect/eselect-opengl-1.3.0 systemd? ( sys-apps/dbus sys-apps/systemd - )" + ) + elogind? ( + sys-apps/dbus + sys-auth/elogind + sys-auth/pambase[elogind] + ) + " DEPEND="${CDEPEND} sys-devel/flex @@ -106,6 +112,8 @@ PDEPEND=" REQUIRED_USE="!minimal? ( || ( ${IUSE_SERVERS} ) ) + elogind? ( udev ) + !suid? ( ^^ ( elogind systemd ) ) minimal? ( !glamor !wayland ) xephyr? ( kdrive )" @@ -152,8 +160,8 @@ pkg_setup() { $(use_enable udev config-udev) $(use_with doc doxygen) $(use_with doc xmlto) + $(usex !elogind $(use_enable systemd systemd-logind) '--enable-systemd-logind') $(use_with systemd systemd-daemon) - $(use_enable systemd systemd-logind) $(usex suid $(use_enable systemd suid-wrapper) '--disable-suid-wrapper') $(usex suid $(use_enable !systemd install-setuid) '--disable-install-setuid') --enable-libdrm |