xserver-nodm-init: Add xuser to input group

Fixes [YOCTO 4164](3/3) Input devices come and go, so a single chmod in this init script is not adequate to ensure rootless X servers can use input devices. The o+rw method also introduces a security hole. The newly added input group and input udev rule address this in a secure way. Ensure the xuser is added to the input group. (From OE-Core rev: 150b7ac8e1c0f029b90f63424867ee5347821cf7) Signed-off-by: Darren Hart <dvhart@linux.intel.com> Cc: Saul Wold <sgw@linux.intel.com> Cc: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-04-03 12:49:41 -07:00 · 2013-04-03 12:49:41 -07:00 · 12c9f9a835
parent 530b3b3cd4
commit 12c9f9a835
2 changed files with 2 additions and 3 deletions
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
@ -2,7 +2,7 @@ DESCRIPTION = "Simple Xserver Init Script (no dm)"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SECTION = "x11"
-PR = "r30"
+PR = "r31"
 RDEPENDS_${PN} = "sudo"

 SRC_URI = "file://xserver-nodm \
@ -34,6 +34,6 @@ INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ."
 # USERADD_PARAM is in sync with the one in connman.inc
 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "--create-home \
-                       --groups video,tty,audio \
+                       --groups video,tty,audio,input \
                       --user-group xuser"

--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@ -33,7 +33,6 @@ case "$1" in
           # setting for rootless X
           chmod o+w /var/log
           chmod g+r /dev/tty[0-3]
-           chmod o+rw /dev/input/*
           # hidraw device is probably needed
           if [ -e /dev/hidraw0 ]; then
               chmod o+rw /dev/hidraw*