Run weston with dedicated 'display' user and group

* Create a user/group display * Allow weston to start without mandatory root user * start weston-terminal for each user Bug-AGL: SPEC-546 Change-Id: Id50acdbf5f7c07d5e0440575d42998b8819b5547 Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9135 Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org> ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org> ci-image-boot-test: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org> Reviewed-by: Dominig ar Foll <dominig.arfoll@fridu.net> Reviewed-by: José Bollo <jobol@nonadev.net> Reviewed-by: Stéphane Desneux <stephane.desneux@iot.bzh> Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
author: Ronan Le Martret <ronan.lemartret@iot.bzh> 2017-04-19 16:16:03 +0200
committer: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> 2017-05-16 04:51:29 +0000
commit: 6ca247d19f2a0d7cc0cb1beb8d26c99e7fac337b (patch)
tree: 33f4ff8ea9e3134bede9ff19ea2d596e437d0209 /meta-agl
parent: 7c227f30c8437d2f5a7b95622d97a86149a716c8 (diff)
13 files changed, 161 insertions, 12 deletions
diff --git a/meta-agl/classes/agl-graphical.bbclass b/meta-agl/classes/agl-graphical.bbclass
new file mode 100644
index 000000000..3eb82dbc0
--- /dev/null
+++ b/meta-agl/classes/agl-graphical.bbclass
@@ -0,0 +1,7 @@
+WESTONTTY ??= "1"
+WESTONUSER ??= "display"
+WESTONGROUP ??= "display"
+WESTONARGS ?= "--idle-time=4294967"
+WESTONLAUNCHARGS ??= "--tty /dev/tty${WESTONTTY} --user ${WESTONUSER}"
+DISPLAY_XDG_RUNTIME_DIR ??= "/run/platform/${WESTONUSER}"
+
diff --git a/meta-agl/files/group b/meta-agl/files/group
index 2bba52a06..bd26c5563 100644
--- a/meta-agl/files/group
+++ b/meta-agl/files/group
@@ -83,3 +83,4 @@ vmail::958:
 opensaf::957:
 lldpd::956:
 postdrop::954:
+display::200:
diff --git a/meta-agl/files/passwd b/meta-agl/files/passwd
index 46a671407..c992e52ff 100644
--- a/meta-agl/files/passwd
+++ b/meta-agl/files/passwd
@@ -55,3 +55,4 @@ vmail::958:958:::
 opensaf::957:957:::
 lldpd::956:956:::
 cyrus::955:8:::
+display::200:200:::
diff --git a/meta-agl/recipes-graphics/wayland/wayland/0001-Change-socket-mode-add-rw-for-group.patch b/meta-agl/recipes-graphics/wayland/wayland/0001-Change-socket-mode-add-rw-for-group.patch
new file mode 100644
index 000000000..b04127b57
--- /dev/null
+++ b/meta-agl/recipes-graphics/wayland/wayland/0001-Change-socket-mode-add-rw-for-group.patch
@@ -0,0 +1,29 @@
+From 9162f7d4cfeec7103474e8703218b3679ca9ed10 Mon Sep 17 00:00:00 2001
+From: Ronan Le Martret <ronan.lemartret@iot.bzh>
+Date: Tue, 18 Apr 2017 13:53:26 +0200
+Subject: [PATCH] Change socket mode:add rw for group
+
+Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh>
+---
+ src/wayland-server.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/wayland-server.c b/src/wayland-server.c
+index 64d1bec..313c5a0 100644
+--- a/src/wayland-server.c
++++ b/src/wayland-server.c
+@@ -1189,7 +1189,10 @@ _wl_display_add_socket(struct wl_display *display, struct wl_socket *s)
+ 		wl_log("bind() failed with error: %m\n");
+ 		return -1;
+ 	}
+-
++	if (chmod(s->addr.sun_path, 0660) < 0) {
++		wl_log("chmod() failed with error: %m\n");
++		return -1;
++	}
+ 	if (listen(s->fd, 128) < 0) {
+ 		wl_log("listen() failed with error: %m\n");
+ 		return -1;
+-- 
+2.6.6
+
diff --git a/meta-agl/recipes-graphics/wayland/wayland_%.bbappend b/meta-agl/recipes-graphics/wayland/wayland_%.bbappend
new file mode 100644
index 000000000..9d1822697
--- /dev/null
+++ b/meta-agl/recipes-graphics/wayland/wayland_%.bbappend
@@ -0,0 +1,5 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI_append = "\
+    file://0001-Change-socket-mode-add-rw-for-group.patch \
+    "
diff --git a/meta-agl/recipes-graphics/wayland/weston-ini-conf.bb b/meta-agl/recipes-graphics/wayland/weston-ini-conf.bb
index af0e174f2..986a9eda9 100644
--- a/meta-agl/recipes-graphics/wayland/weston-ini-conf.bb
+++ b/meta-agl/recipes-graphics/wayland/weston-ini-conf.bb
@@ -13,8 +13,9 @@ WESTONCORE[shell]??="desktop-shell.so"
 WESTONCORE[backend]??="drm-backend.so"
 
 WESTONSHELL[locking]="true"
-# Uncomment below to hide panel
-#WESTONSHELL[panel-location]="none"
+# hide panel
+WESTONSHELL[panel-location]="none"
+
 
 WESTONOUTPUT1[agl_screen]??="DEFAULT_SCREEN"
 
diff --git a/meta-agl/recipes-graphics/wayland/weston-init.bbappend b/meta-agl/recipes-graphics/wayland/weston-init.bbappend
index 9b0f434e5..359cb76e5 100644
--- a/meta-agl/recipes-graphics/wayland/weston-init.bbappend
+++ b/meta-agl/recipes-graphics/wayland/weston-init.bbappend
@@ -1,20 +1,54 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 
-WESTONTTY ??= "1"
-WESTONUSER ??= "root"
-WESTONARGS ?= "--idle-time=4294967"
-WESTONLAUNCHARGS ??= "--tty /dev/tty${WESTONTTY} --user ${WESTONUSER}"
+inherit agl-graphical
+
+WESTONSTART ??= "/usr/bin/weston --idle-time=4294967 --tty=${WESTONTTY}"
+WESTONSTART_append = " ${@bb.utils.contains("IMAGE_FEATURES", "debug-tweaks", " --log=${DISPLAY_XDG_RUNTIME_DIR}/weston.log", "",d)}"
+
+SRC_URI += " \
+    file://weston_tmpfiles.conf \
+    file://weston.service.add \
+"
 
 do_install_append() {
-    sed -e 's,launcher="weston-launch.*--",launcher="weston-launch ${WESTONLAUNCHARGS} --",g' \
-        -e 's,exec openvt $openvt_args --,exec ,g' \
-        -i ${D}${bindir}/weston-start
+    sed -i "/\[Unit\]/aConflicts=getty@tty${WESTONTTY}.service" \
+           ${D}${systemd_system_unitdir}/weston.service
+
+    sed -i "/\[Service\]/r ${S}/weston.service.add" \
+           ${D}${systemd_system_unitdir}/weston.service
 
     sed -e 's,User=root,User=${WESTONUSER},g' \
-        -e 's,$OPTARGS,${WESTONARGS} $OPTARGS,g' \
+        -e 's,ExecStart=.*,ExecStart=${WESTONSTART},g' \
+        -e 's,@WESTONTTY@,${WESTONTTY},g' \
+        -e 's,@XDG_RUNTIME_DIR@,${DISPLAY_XDG_RUNTIME_DIR},g' \
         -i ${D}${systemd_system_unitdir}/weston.service
 
-    sed -i "/\[Unit\]/aConflicts=getty@tty${WESTONTTY}.service" \
-           ${D}${systemd_system_unitdir}/weston.service
+    # Add a rule to ensure the 'display' user has permissions to
+    # open the graphics device
+    install -d ${D}${sysconfdir}/init.d
+    install -d ${D}${sysconfdir}/udev/rules.d
+    cat >${D}${sysconfdir}/udev/rules.d/zz-dri.rules <<'EOF'
+SUBSYSTEM=="drm", MODE="0660", GROUP="${WESTONGROUP}", SECLABEL{smack}="*"
+EOF
+
+    # user 'display' must own /dev/tty${WESTONTTY} for weston to start correctly
+    cat >${D}${sysconfdir}/udev/rules.d/zz-tty.rules <<'EOF'
+SUBSYSTEM=="tty", KERNEL=="tty${WESTONTTY}", OWNER="${WESTONUSER}", SECLABEL{smack}="^"
+EOF
+
+    # user 'display' must also be able to access /dev/input/*
+    cat >${D}${sysconfdir}/udev/rules.d/zz-input.rules <<'EOF'
+SUBSYSTEM=="input", MODE="0660", GROUP="input", SECLABEL{smack}="^"
+EOF
+
+    install -d ${D}${sysconfdir}/tmpfiles.d
+    install -Dm755 ${WORKDIR}/weston_tmpfiles.conf ${D}/${libdir}/tmpfiles.d/weston.conf
+
+    sed -e 's,@WESTONUSER@,${WESTONUSER},g' \
+        -e 's,@WESTONGROUP@,${WESTONGROUP},g' \
+        -i ${D}/${libdir}/tmpfiles.d/weston.conf
 }
 
+FILES_${PN} += "${libdir}/tmpfiles.d/*.conf"
+
+
diff --git a/meta-agl/recipes-graphics/wayland/weston-init/weston.service.add b/meta-agl/recipes-graphics/wayland/weston-init/weston.service.add
new file mode 100644
index 000000000..3596e9c39
--- /dev/null
+++ b/meta-agl/recipes-graphics/wayland/weston-init/weston.service.add
@@ -0,0 +1,7 @@
+Environment="XDG_RUNTIME_DIR=@XDG_RUNTIME_DIR@"
+TTYPath=/dev/tty@WESTONTTY@
+StandardInput=tty
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+UtmpIdentifier=tty@WESTONTTY@
diff --git a/meta-agl/recipes-graphics/wayland/weston-init/weston_tmpfiles.conf b/meta-agl/recipes-graphics/wayland/weston-init/weston_tmpfiles.conf
new file mode 100644
index 000000000..c4b302faf
--- /dev/null
+++ b/meta-agl/recipes-graphics/wayland/weston-init/weston_tmpfiles.conf
@@ -0,0 +1,6 @@
+# This file is distributed to create weston XDG_RUNTIME_DIR (/run/deamon/@WESTONUSER@)
+#
+# See tmpfiles.d(5) for details
+
+d /run/platform/ 0775 root root -
+d /run/platform/@WESTONUSER@ 0770 @WESTONUSER@ @WESTONGROUP@ -
diff --git a/meta-agl/recipes-graphics/wayland/weston/0001-Allow-regular-users-to-launch-Weston.patch b/meta-agl/recipes-graphics/wayland/weston/0001-Allow-regular-users-to-launch-Weston.patch
new file mode 100644
index 000000000..7b84a67ba
--- /dev/null
+++ b/meta-agl/recipes-graphics/wayland/weston/0001-Allow-regular-users-to-launch-Weston.patch
@@ -0,0 +1,46 @@
+From f5555b045a64231d4beaba51cbbf5f5485173900 Mon Sep 17 00:00:00 2001
+From: Ronan Le Martret <ronan.lemartret@iot.bzh>
+Date: Fri, 14 Apr 2017 19:04:32 +0200
+Subject: [PATCH] Allow regular users to launch Weston
+
+Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh>
+---
+ configure.ac          | 6 ++++++
+ src/launcher-direct.c | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 1d11864..4e48d52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -131,6 +131,12 @@ if test x$enable_xkbcommon = xyes; then
+ 	COMPOSITOR_MODULES="$COMPOSITOR_MODULES xkbcommon >= 0.3.0"
+ fi
+ 
++AC_ARG_ENABLE(sys-uid, [  --enable-sys-uid],,
++              enable_sys_uid=no)
++if test x$enable_sys_uid = xyes; then
++	AC_DEFINE(ENABLE_SYS_UID, [1], [Allow regular users to launch Weston])
++fi
++
+ AC_ARG_ENABLE(setuid-install, [  --enable-setuid-install],,
+ 	      enable_setuid_install=yes)
+ AM_CONDITIONAL(ENABLE_SETUID_INSTALL, test x$enable_setuid_install = xyes)
+diff --git a/src/launcher-direct.c b/src/launcher-direct.c
+index 29d9c28..1ac6651 100644
+--- a/src/launcher-direct.c
++++ b/src/launcher-direct.c
+@@ -272,8 +272,10 @@ launcher_direct_connect(struct weston_launcher **out, struct weston_compositor *
+ {
+ 	struct launcher_direct *launcher;
+ 
++#ifndef ENABLE_SYS_UID
+ 	if (geteuid() != 0)
+ 		return -EINVAL;
++#endif
+ 
+ 	launcher = zalloc(sizeof(*launcher));
+ 	if (launcher == NULL)
+-- 
+2.6.6
+
diff --git a/meta-agl/recipes-graphics/wayland/weston_%.bbappend b/meta-agl/recipes-graphics/wayland/weston_%.bbappend
index dc984c1d1..0fe75ede6 100644
--- a/meta-agl/recipes-graphics/wayland/weston_%.bbappend
+++ b/meta-agl/recipes-graphics/wayland/weston_%.bbappend
@@ -2,5 +2,7 @@ FILESEXTRAPATHS_append := ":${THISDIR}/${PN}"
 
 SRC_URI_append = "\
     file://0001-compositor-drm.c-Launch-without-input-devices.patch \
+    file://0001-Allow-regular-users-to-launch-Weston.patch \
     "
 
+EXTRA_OECONF_append = " --enable-sys-uid"
diff --git a/meta-agl/recipes-ivi/images/agl-image-ivi.bb b/meta-agl/recipes-ivi/images/agl-image-ivi.bb
index c3e021476..dd4f89b15 100644
--- a/meta-agl/recipes-ivi/images/agl-image-ivi.bb
+++ b/meta-agl/recipes-ivi/images/agl-image-ivi.bb
@@ -9,3 +9,9 @@ LICENSE = "MIT"
 IMAGE_INSTALL_append = "\
     packagegroup-agl-image-ivi \
     "
+
+DISTRO_FEATURES_append = " agl-core-image-profile"
+
+IMAGE_INSTALL += "\
+    agl-desktop-config \
+    "
diff --git a/meta-agl/recipes-ivi/packagegroups/packagegroup-agl-image-ivi.bb b/meta-agl/recipes-ivi/packagegroups/packagegroup-agl-image-ivi.bb
index 6b6ce7075..27e90f808 100644
--- a/meta-agl/recipes-ivi/packagegroups/packagegroup-agl-image-ivi.bb
+++ b/meta-agl/recipes-ivi/packagegroups/packagegroup-agl-image-ivi.bb
@@ -26,3 +26,7 @@ RDEPENDS_${PN} += "\
     packagegroup-agl-ivi-security \
     packagegroup-agl-ivi-kernel \
     "
+
+RDEPENDS_${PN} += "\
+    agl-login-manager \
+    "
author	Ronan Le Martret <ronan.lemartret@iot.bzh>	2017-04-19 16:16:03 +0200
committer	Jan-Simon Moeller <jsmoeller@linuxfoundation.org>	2017-05-16 04:51:29 +0000
commit	6ca247d19f2a0d7cc0cb1beb8d26c99e7fac337b (patch)
tree	33f4ff8ea9e3134bede9ff19ea2d596e437d0209 /meta-agl
parent	7c227f30c8437d2f5a7b95622d97a86149a716c8 (diff)