xserver-nodm-init: Fix the start failure for non-root user

In order to start the xserver, a non-root user should have the
cap_sys_admin capability to set the drm master. We try to get
the cap_sys_admin capability by setting it in both the thread
and file inheritable set. The side effect of this is that we
would have to add "pam" to the distro features if we want to
use xserver-nodm-init for a non-root user.

[Yocto #11526]

(From OE-Core rev: cfd71a68a4931c8bda15357ebb1e9ebcf0e302dc)

Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kevin Hao 2020-02-08 20:36:42 +08:00 committed by Richard Purdie
parent a3416a5933
commit ba27990093
3 changed files with 15 additions and 2 deletions


@ -0,0 +1,2 @@
cap_sys_admin @USER@
none *
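Review bot: The new file carries no comment saying why the grant exists or that `@USER@` is a placeholder, which matters for a capability as broad as cap_sys_admin. I would add a header such as `# cap_sys_admin lets the X server become DRM master; @USER@ is replaced in do_install` and, above the last line, `# every other user inherits nothing`.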


@ -38,6 +38,14 @@ case "$1" in
if [ -e /dev/hidraw0 ]; then
chmod o+rw /dev/hidraw*
fi
# Make sure that the Xorg has the cap_sys_admin capability which is
# needed for setting the drm master
if ! grep -q "^auth.*pam_cap\.so" /etc/pam.d/su; then
echo "auth optional pam_cap.so" >>/etc/pam.d/su
fi
if ! /usr/sbin/getcap $XSERVER | grep -q cap_sys_admin; then
/usr/sbin/setcap cap_sys_admin+eip $XSERVER
fi
fi
# Using su rather than sudo as latest 1.8.1 cause failure [YOCTO #1211]
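Review bot: `/usr/sbin/setcap cap_sys_admin+eip $XSERVER` also sets the file's permitted flag, so every account that can execute the X server binary gets cap_sys_admin, and the per-user limit in capability.conf no longer restricts anything. The commit message describes relying on the inheritable sets; that corresponds to `/usr/sbin/setcap cap_sys_admin+ei "$XSERVER"`, where only a process whose inheritable set was filled by pam_cap ends up with the capability. The `getcap ... | grep -q cap_sys_admin` test would then need to match the exact flag string so an existing `+eip` is corrected rather than skipped. Separately, the `auth optional pam_cap.so` line is appended to the end of /etc/pam.d/su; that file is not shown here, so it should be confirmed that no earlier `sufficient` entry ends the auth stack before pam_cap runs. The enclosing `case` branch starts and ends outside the hunk.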


@ -10,6 +10,7 @@ SRC_URI = "file://xserver-nodm \
file://gplv2-license.patch \
file://xserver-nodm.service.in \
file://xserver-nodm.conf.in \
file://capability.conf \
"
S = "${WORKDIR}"
@ -19,7 +20,7 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
inherit update-rc.d systemd features_check
REQUIRED_DISTRO_FEATURES = "x11"
REQUIRED_DISTRO_FEATURES = "x11 ${@oe.utils.conditional('ROOTLESS_X', '1', 'pam', '', d)}"
PACKAGECONFIG ??= "blank"
# dpms and screen saver will be on only if 'blank' is in PACKAGECONFIG
@ -40,6 +41,8 @@ do_install() {
if [ "${ROOTLESS_X}" = "1" ] ; then
XUSER_HOME="/home/xuser"
XUSER="xuser"
install -D capability.conf ${D}${sysconfdir}/security/capability.conf
sed -i "s:@USER@:${XUSER}:" ${D}${sysconfdir}/security/capability.conf
else
XUSER_HOME=${ROOT_HOME}
XUSER="root"
@ -60,7 +63,7 @@ do_install() {
fi
}
RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account', '', d)}"
RDEPENDS_${PN} = "xinit ${@oe.utils.conditional('ROOTLESS_X', '1', 'xuser-account libcap libcap-bin', '', d)}"
INITSCRIPT_NAME = "xserver-nodm"
INITSCRIPT_PARAMS = "start 9 5 . stop 20 0 1 2 3 6 ."
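Review bot: The `install -D capability.conf ...` line added to do_install passes no `-m`, so the policy file lands in `${sysconfdir}/security` with install's default mode, which is executable (0755). A file that pam_cap reads to decide who inherits cap_sys_admin should be installed with an explicit non-executable mode: `install -D -m 0644 capability.conf ${D}${sysconfdir}/security/capability.conf`. It is also worth confirming that no other package in the image ships the same path, since the file is global to every PAM service that loads pam_cap. do_install starts and ends outside the hunks shown.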