Limit sandbox dependencies RHEL > 9

Resolves: RHEL-32364, RHEL-32363
This commit is contained in:
Petr Lautrbach 2024-05-09 15:56:29 +02:00
parent 2223d963d8
commit 6c667202a9
3 changed files with 70 additions and 2 deletions

View File

@ -0,0 +1,30 @@
From daedef300edce80cf8ee20825292504104dc0221 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Thu, 9 May 2024 16:17:05 +0200
Subject: [PATCH] sandbox: do not fail without xmodmap
Content-type: text/plain
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
sandbox/sandbox | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sandbox/sandbox b/sandbox/sandbox
index 0dc25584dd98..be8722e3b8d3 100644
--- a/sandbox/sandbox
+++ b/sandbox/sandbox
@@ -479,7 +479,10 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
xmodmapfile = self.__homedir + "/.xmodmap"
xd = open(xmodmapfile, "w")
- subprocess.Popen(["/usr/bin/xmodmap", "-pke"], stdout=xd).wait()
+ try:
+ subprocess.Popen(["/usr/bin/xmodmap", "-pke"], stdout=xd).wait()
+ except:
+ pass
xd.close()
self.__setup_sandboxrc(self.__options.wm)
--
2.44.0

View File

@ -0,0 +1,35 @@
From d6e533bde4a25e5cdbb9445dfef6080dcaa6f43e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Tue, 20 Feb 2024 11:14:52 +0100
Subject: [PATCH] sandbox: do not run window manager if it's not a session
Content-type: text/plain
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
sandbox/sandbox | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/sandbox/sandbox b/sandbox/sandbox
index be8722e3b8d3..7ab98076fd2b 100644
--- a/sandbox/sandbox
+++ b/sandbox/sandbox
@@ -285,15 +285,12 @@ class Sandbox:
fd.write("""#! /bin/sh
#TITLE: %s
# /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
-%s &
-WM_PID=$!
if which dbus-run-session >/dev/null 2>&1; then
dbus-run-session -- %s
else
dbus-launch --exit-with-session %s
fi
-kill -TERM $WM_PID 2> /dev/null
-""" % (command, wm, command, command))
+""" % (command, command, command))
fd.close()
os.chmod(execfile, 0o700)
--
2.44.0

View File

@ -42,6 +42,8 @@ Patch0003: 0003-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0004: 0004-sandbox-Use-matchbox-window-manager-instead-of-openb.patch Patch0004: 0004-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0005: 0005-Use-SHA-2-instead-of-SHA-1.patch Patch0005: 0005-Use-SHA-2-instead-of-SHA-1.patch
Patch0006: 0006-python-sepolicy-Fix-spec-file-dependencies.patch Patch0006: 0006-python-sepolicy-Fix-spec-file-dependencies.patch
Patch0007: 0007-sandbox-do-not-fail-without-xmodmap.patch
Patch0008: 0008-sandbox-do-not-run-window-manager-if-it-s-not-a-sess.patch
# Patch list end # Patch list end
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2
@ -273,9 +275,10 @@ Summary: SELinux sandbox utilities
Requires: python3-policycoreutils = %{version}-%{release} Requires: python3-policycoreutils = %{version}-%{release}
%if 0%{?fedora} || 0%{?rhel} <= 9 %if 0%{?fedora} || 0%{?rhel} <= 9
Requires: xorg-x11-server-Xephyr >= 1.14.1-2 Requires: xorg-x11-server-Xephyr >= 1.14.1-2
%endif Requires: xmodmap
Requires: /usr/bin/rsync /usr/bin/xmodmap
Requires: matchbox-window-manager Requires: matchbox-window-manager
%endif
Requires: rsync
BuildRequires: libcap-ng-devel BuildRequires: libcap-ng-devel
%description sandbox %description sandbox