Allow graphical applications work in Wayland #1930

Merged
merged 2 commits into from
Nov 14, 2023

@zpytela zpytela commented Nov 8, 2023

Resolves: rhbz#2248488

Cockpit tests failed for commit 3348d60. @martinpitt, @jelly, @mvollmer please check.

martinpitt commented Nov 8, 2023

At first sight this F39 failure is not directly related to this PR change, but it does look like a bug in the policy:

```
  Running scriptlet: selinux-policy-targeted-39.1-1.fc39.noarch            3/32 
Re-declaration of type virt_bridgehelper_t
Previous declaration of type at /var/lib/selinux/targeted/tmp/modules/100/virt_supplementary/cil:5
Bad type declaration at /var/lib/selinux/targeted/tmp/modules/100/virt_supplementary/cil:5
Failed to build AST
/usr/sbin/semodule:  Failed!

  Upgrading        : cockpit-bridge-304-1.20231108125903473411.main.26.    4/32 
error: lsetfilecon: (42 /usr/libexec/cockpit-ssh;654b87d3, system_u:object_r:cockpit_session_exec_t:s0) Invalid argument
error: Plugin selinux: hook fsm_file_prepare failed

Error unpacking rpm package cockpit-bridge-304-1.20231108125903473411.main.26.gb28914fd0.fc39.x86_64
  Upgrading        : cockpit-system-304-1.20231108125903473411.main.26.    5/32 
error: unpacking of archive failed on file /usr/libexec/cockpit-ssh;654b87d3: cpio: (error 0x2)
error: cockpit-bridge-304-1.20231108125903473411.main.26.gb28914fd0.fc39.x86_64: install failed
```

Retrying once to compare. Update: Failed in the same way, this needs a fix.

zpytela commented Nov 8, 2023

I don't think it's a bug in policy; some changes and especially some modules (like virt_supplementary) are only in the latest branch.

The xserver_clients_write_xshm boolean allows writing to xserver_tmpfs_t
files; this commit also adds the map permission.

The commit addresses the following AVC denial:
type=AVC msg=audit(1699352146.594:3256): avc:  denied  { map } for  pid=481494 comm="Xephyr" path=2F6D656D66643A786F7267202864656C6574656429 dev="tmpfs" ino=92915 scontext=unconfined_u:unconfined_r:sandbox_xserver_t:s0:c10,c580 tcontext=unconfined_u:object_r:xserver_tmpfs_t:s0 tclass=file permissive=1

Resolves: rhbz#2248488
@zpytela zpytela merged commit b1374e9 into fedora-selinux:rawhide Nov 14, 2023
@zpytela zpytela deleted the sandbox-wayland branch November 14, 2023 18:07
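
The AVC record quoted in the commit message, parsed into its fields, as an added example that is not part of the PR or of the selinux-policy project: it decodes the hex-encoded `path` value and restates the denial in audit2allow-style rule form. The function names are hypothetical, and the printed rule only summarizes the denial; per the commit message the actual change is tied to the xserver_clients_write_xshm boolean.

```python
import re

# AVC record copied from the commit message on this page.
SAMPLE = (
    'type=AVC msg=audit(1699352146.594:3256): avc:  denied  { map } for  '
    'pid=481494 comm="Xephyr" path=2F6D656D66643A786F7267202864656C6574656429 '
    'dev="tmpfs" ino=92915 '
    'scontext=unconfined_u:unconfined_r:sandbox_xserver_t:s0:c10,c580 '
    'tcontext=unconfined_u:object_r:xserver_tmpfs_t:s0 tclass=file permissive=1'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Fields audit hex-encodes when the value has spaces or other unsafe bytes.
MAYBE_HEX = {"path", "name", "comm", "exe"}

def decode_value(key, raw):
    if raw.startswith('"'):
        return raw.strip('"')            # quoted values are literal
    if key in MAYBE_HEX and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw

def parse_avc(line):
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    rec = {"verdict": m.group(1), "perms": m.group(2).split()}
    for key, raw in FIELD_RE.findall(m.group(3)):
        rec[key] = decode_value(key, raw)
    # Context is user:role:type:level; only the level may hold further ':'.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    # permissive=1 means the access was logged but not blocked.
    rec["blocked"] = rec["verdict"] == "denied" and rec.get("permissive") == "0"
    return rec

def rule_form(rec):
    perms = rec["perms"][0] if len(rec["perms"]) == 1 else "{ %s }" % " ".join(rec["perms"])
    return "allow %s %s:%s %s;" % (rec["source_type"], rec["target_type"], rec["tclass"], perms)

if __name__ == "__main__":
    rec = parse_avc(SAMPLE)
    print(rec["comm"], "->", rec["path"], "| blocked:", rec["blocked"])
    print(rule_form(rec))
```

The decoded path shows the mapped object is an anonymous memfd created by the X server rather than a file on disk, which is why it carries the `xserver_tmpfs_t` label.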