From 8b1baf589ebad0862791c32c7a9b953071dec20a Mon Sep 17 00:00:00 2001 From: Scott Murray Date: Tue, 5 May 2020 15:04:46 -0400 Subject: meta-agl-profile-graphical: add SMACK labelling for weston The initial patch to allow disabling memfd usage in weston has proven to be naive, as the v7 wayland seat resource changes in Weston 8.0.0 are dependent on them. To avoid needing to make more invasive changes such as forcing the seat resource version back to v6, drop the patch in favor of having Weston run under a System::Weston SMACK label and adding the rules required to have it work. As well, use-XDG_RUNTIMESHARE_DIR.patch and the associated service unit changes have been removed since they are not required now with explicit labelling in place. Bug-AGL: SPEC-3305, SPEC-3350 Signed-off-by: Scott Murray Change-Id: I8aef287219a7f95992a82f4ec2ee8e1822ca4ce8 --- .../recipes-security/security-manager/security-manager_%.bbappend | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 meta-agl-profile-graphical/recipes-security/security-manager/security-manager_%.bbappend (limited to 'meta-agl-profile-graphical/recipes-security/security-manager/security-manager_%.bbappend') diff --git a/meta-agl-profile-graphical/recipes-security/security-manager/security-manager_%.bbappend b/meta-agl-profile-graphical/recipes-security/security-manager/security-manager_%.bbappend new file mode 100644 index 000000000..d6fcb40af --- /dev/null +++ b/meta-agl-profile-graphical/recipes-security/security-manager/security-manager_%.bbappend @@ -0,0 +1,6 @@ + +do_install_append() { + # Needed for wayland-0 socket access and memfd usage + echo "~APP~ System::Weston rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack + echo "System::Weston ~APP~ rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack +} -- cgit 1.2.3-korg