commit e15477fc4f2fe0e3370ab91cbe74b6352154a707
parent c7358bd99d8c845c372125bd3f30851394e82816
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date: Thu, 31 Dec 2020 08:16:03 +0100
Drop privs for running Xorg
Diffstat:
4 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/service/X5/run b/service/X5/run
@@ -1,10 +1,12 @@
-#!/bin/execlineb -P
+#!/command/execlineb -P
+fdmove -c 2 1
s6-envdir env
importas vtN vtN
export XDG_RUNTIME_DIR /run/service/X${vtN}/data
importas XDG_RUNTIME_DIR XDG_RUNTIME_DIR
if { truncate -s 0 ${XDG_RUNTIME_DIR}/Xauthority }
if { chmod 600 ${XDG_RUNTIME_DIR}/Xauthority }
+if { chown xorg:xorg ${XDG_RUNTIME_DIR}/Xauthority }
if {
pipeline {
if { printf "add :%d . " ${vtN} }
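Review bot: The added `chown xorg:xorg` on Xauthority runs before the pipeline that writes the cookie, and that pipeline continues past the end of this hunk, so whether the ownership survives depends on how the writer updates the file. The `add :%d . ` text looks like an xauth command; if the writer replaces the file through a temporary file and rename instead of writing in place, the result would belong to the writing user again and the unprivileged server could not read its `-auth` file. Moving `if { chown xorg:xorg ${XDG_RUNTIME_DIR}/Xauthority }` to after the cookie has been written would not depend on that detail. The new `fdmove -c 2 1` line would also benefit from a one-line comment saying why stderr is merged into stdout. The same applies to the first hunks of service/X6/run, service/X7/run and service/X8/run.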
@@ -33,13 +35,18 @@ unexport !
fdclose 4
fdclose 3
umask 077
+if { chmod 660 /dev/tty${vtN} }
+if { chown root:xorg /dev/tty${vtN} }
+s6-setuidgid xorg
Xorg
-displayfd 5
-nolisten local
-nolisten tcp
-quiet
- -logfile /dev/stdout
+# -logfile /dev/stdout
+ -logfile ${XDG_RUNTIME_DIR}/log
-auth ${XDG_RUNTIME_DIR}/Xauthority
-tst
-retro
+ -novtswitch
vt${vtN} :${vtN}
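Review bot: The two tty lines run `chmod 660` before `chown root:xorg`, so for a moment the device is readable and writable by whatever group owned it before, which this hunk does not show. Running `if { chown root:xorg /dev/tty${vtN} }` first and `if { chmod 660 /dev/tty${vtN} }` second closes that window. After `s6-setuidgid xorg` the server has to create `${XDG_RUNTIME_DIR}/log` itself, and nothing visible here makes that directory writable by xorg, so that should be confirmed in the part of the script outside the hunk or in the service setup. The commented-out `# -logfile /dev/stdout` line could be dropped, or replaced by a comment saying why the log moved to a file. The same applies to the second hunks of service/X6/run, service/X7/run and service/X8/run.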
diff --git a/service/X6/run b/service/X6/run
@@ -1,10 +1,12 @@
-#!/bin/execlineb -P
+#!/command/execlineb -P
+fdmove -c 2 1
s6-envdir env
importas vtN vtN
export XDG_RUNTIME_DIR /run/service/X${vtN}/data
importas XDG_RUNTIME_DIR XDG_RUNTIME_DIR
if { truncate -s 0 ${XDG_RUNTIME_DIR}/Xauthority }
if { chmod 600 ${XDG_RUNTIME_DIR}/Xauthority }
+if { chown xorg:xorg ${XDG_RUNTIME_DIR}/Xauthority }
if {
pipeline {
if { printf "add :%d . " ${vtN} }
@@ -33,13 +35,18 @@ unexport !
fdclose 4
fdclose 3
umask 077
+if { chmod 660 /dev/tty${vtN} }
+if { chown root:xorg /dev/tty${vtN} }
+s6-setuidgid xorg
Xorg
-displayfd 5
-nolisten local
-nolisten tcp
-quiet
- -logfile /dev/stdout
+# -logfile /dev/stdout
+ -logfile ${XDG_RUNTIME_DIR}/log
-auth ${XDG_RUNTIME_DIR}/Xauthority
-tst
-retro
+ -novtswitch
vt${vtN} :${vtN}
diff --git a/service/X7/run b/service/X7/run
@@ -1,10 +1,12 @@
-#!/bin/execlineb -P
+#!/command/execlineb -P
+fdmove -c 2 1
s6-envdir env
importas vtN vtN
export XDG_RUNTIME_DIR /run/service/X${vtN}/data
importas XDG_RUNTIME_DIR XDG_RUNTIME_DIR
if { truncate -s 0 ${XDG_RUNTIME_DIR}/Xauthority }
if { chmod 600 ${XDG_RUNTIME_DIR}/Xauthority }
+if { chown xorg:xorg ${XDG_RUNTIME_DIR}/Xauthority }
if {
pipeline {
if { printf "add :%d . " ${vtN} }
@@ -33,13 +35,18 @@ unexport !
fdclose 4
fdclose 3
umask 077
+if { chmod 660 /dev/tty${vtN} }
+if { chown root:xorg /dev/tty${vtN} }
+s6-setuidgid xorg
Xorg
-displayfd 5
-nolisten local
-nolisten tcp
-quiet
- -logfile /dev/stdout
+# -logfile /dev/stdout
+ -logfile ${XDG_RUNTIME_DIR}/log
-auth ${XDG_RUNTIME_DIR}/Xauthority
-tst
-retro
+ -novtswitch
vt${vtN} :${vtN}
diff --git a/service/X8/run b/service/X8/run
@@ -1,10 +1,12 @@
-#!/bin/execlineb -P
+#!/command/execlineb -P
+fdmove -c 2 1
s6-envdir env
importas vtN vtN
export XDG_RUNTIME_DIR /run/service/X${vtN}/data
importas XDG_RUNTIME_DIR XDG_RUNTIME_DIR
if { truncate -s 0 ${XDG_RUNTIME_DIR}/Xauthority }
if { chmod 600 ${XDG_RUNTIME_DIR}/Xauthority }
+if { chown xorg:xorg ${XDG_RUNTIME_DIR}/Xauthority }
if {
pipeline {
if { printf "add :%d . " ${vtN} }
@@ -33,13 +35,18 @@ unexport !
fdclose 4
fdclose 3
umask 077
+if { chmod 660 /dev/tty${vtN} }
+if { chown root:xorg /dev/tty${vtN} }
+s6-setuidgid xorg
Xorg
-displayfd 5
-nolisten local
-nolisten tcp
-quiet
- -logfile /dev/stdout
+# -logfile /dev/stdout
+ -logfile ${XDG_RUNTIME_DIR}/log
-auth ${XDG_RUNTIME_DIR}/Xauthority
-tst
-retro
+ -novtswitch
vt${vtN} :${vtN}