From b163339baf23320b17a5c6fb8f212309b4bc1b29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Wed, 8 Sep 2021 16:15:00 +0200
Subject: [PATCH] Use a systemd sandbox for the gpm service
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The sandbox is designed to allow standard select&paste operation on the text console. More fancy uses of gpm are unlikely to work, but that's on purpose: the only thing that people should be using gpm for is the occasional text copying when they land in rescue mode. This serves as an alternative to [1]. The replacement policy is probably stricter in some regards, while less strict in others… But I think it's much less magic and should be easier to maintain.
[1] https://src.fedoraproject.org/rpms/gpm/pull-request/4
---
 changelog | 5 +++++
 gpm.service | 21 +++++++++++++++++++--
 gpm.spec | 9 ++++-----
 3 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/changelog b/changelog
index 6f83fa8..5f41671 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,7 @@
+* Wed Sep 08 2021 Zbigniew Jędrzejewski-Szmek 1.20.7-38
+- A systemd sandbox has been added for the service. The goal is to allow standard
+ select-and-paste operations to work on the console, and not much else.
+
 * Thu Jul 22 2021 Fedora Release Engineering - 1.20.7-28
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
@@ -653,3 +657,4 @@
 * Thu Jun 19 1997 Erik Troan
 - built against glibc
+
diff --git a/gpm.service b/gpm.service
index 23007fc..9690b2e 100644
--- a/gpm.service
+++ b/gpm.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Console Mouse manager
+Description=Console Mouse Manager
 ConditionVirtualization=!container
 # This could probably benefit from socket activation, but honestly I think it
@@ -7,9 +7,26 @@ ConditionVirtualization=!container
 # to add socket activation here.
 [Service]
-ExecStart=/usr/sbin/gpm -m /dev/input/mice -t exps2
+ExecStart=gpm -m /dev/input/mice -t exps2
 Type=forking
 PIDFile=/run/gpm.pid
+ProtectSystem=full
+ProtectHome=yes
+ProtectProc=invisible
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
+PrivateNetwork=yes
+CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_SYS_ADMIN
+DeviceAllow=char-tty
+DeviceAllow=char-input
+SystemCallFilter=@basic-io @io-event @network-io @file-system @process ioctl
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+RestrictAddressFamilies=AF_UNIX
+
+# Note that "special commands" are disallowed by default.
+# To enable, add '-S' to ExecStart= line, and tweak the SystemCallFilter= as appropriate.
+
 [Install]
 WantedBy=multi-user.target
diff --git a/gpm.spec b/gpm.spec
index 5451b8d..8288050 100644
--- a/gpm.spec
+++ b/gpm.spec
@@ -27,20 +27,19 @@ Patch7: gpm-1.20.7-rhbz-668480-gpm-types-7-manpage-fixes.patch
 # Disabled, need to be reviewed
 Patch9: gpm-1.20.6-capability.patch
-Requires(post): systemd info
-Requires(preun): systemd info
-Requires(postun): systemd
+Requires(post): info
+Requires(preun): info
 # this defines the library version that this package builds.
 %define LIBVER 2.1.0
 BuildRequires: sed gawk texinfo bison ncurses-devel autoconf automake libtool libcap-ng-devel
-BuildRequires: systemd
+BuildRequires: systemd-rpm-macros
 BuildRequires: make
 Requires: linuxconsoletools
 Requires: %{name}-libs = %{version}-%{release}
 %description
 Gpm provides mouse support to text-based Linux applications like the
-Emacs editor and the Midnight Commander file management system. Gpm
+Emacs editor and the Midnight Commander file management system. Gpm
 also provides console cut-and-paste operations using the mouse and includes a program to allow pop-up menus to appear at the click of a mouse button.
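Review bot: The added sandbox in `[Service]` keeps `CAP_SYS_ADMIN` in `CapabilityBoundingSet=` but sets neither `NoNewPrivileges=` nor `RestrictNamespaces=`, so the broadest capability stays usable well beyond the console ioctl it is presumably kept for. Since the unit runs as root without `User=`, `SystemCallFilter=` does not imply no-new-privileges as far as I know, and the `@process` group appears to still admit `unshare`/`setns`; I would add `NoNewPrivileges=yes` and `RestrictNamespaces=yes`. The two `DeviceAllow=` lines carry no access mode, which I believe defaults to `rwm`; `DeviceAllow=char-tty rw` and `DeviceAllow=char-input rw` drop mknod if gpm never creates device nodes. `ExecStart=gpm` is now resolved through systemd's built-in search path, so for a daemon holding this capability set the absolute `/usr/sbin/gpm` is the more predictable form.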