import tigervnc-1.12.0-4.el8
This commit is contained in:
parent
f69346c091
commit
2a8414638a
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/tigervnc-1.11.0.tar.gz
|
SOURCES/tigervnc-1.12.0.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
6f6b621a76b734888748de10c32c2b5b59d40b19 SOURCES/tigervnc-1.11.0.tar.gz
|
44db63993d8ad04f730b0b48e8aca32933bff15a SOURCES/tigervnc-1.12.0.tar.gz
|
||||||
|
116
SOURCES/HOWTO.md
116
SOURCES/HOWTO.md
@ -1,116 +0,0 @@
|
|||||||
# What has changed
|
|
||||||
The previous Tigervnc versions had a wrapper script called `vncserver` which
|
|
||||||
could be run as a user manually to start *Xvnc* process. The usage was quite
|
|
||||||
simple as you just run
|
|
||||||
```
|
|
||||||
$ vncserver :x [vncserver options] [Xvnc options]
|
|
||||||
```
|
|
||||||
and that was it. While this was working just fine, there were issues when users
|
|
||||||
wanted to start a Tigervnc server using *systemd*. For these reasons things were
|
|
||||||
completely changed and there is now a new way how this all is supposed to work.
|
|
||||||
|
|
||||||
# How to start Tigervnc server
|
|
||||||
|
|
||||||
## Add a user mapping
|
|
||||||
With this you can map a user to a particular port. The mapping should be done in
|
|
||||||
`/etc/tigervnc/vncserver.users` configuration file. It should be pretty
|
|
||||||
straightforward once you open the file as there are some examples, but basically
|
|
||||||
the mapping is in form
|
|
||||||
```
|
|
||||||
:x=user
|
|
||||||
```
|
|
||||||
For example you can have
|
|
||||||
```
|
|
||||||
:1=test
|
|
||||||
:2=vncuser
|
|
||||||
```
|
|
||||||
|
|
||||||
## Configure Xvnc options
|
|
||||||
To configure Xvnc parameters, you need to go to the same directory where you did
|
|
||||||
the user mapping and open `vncserver-config-defaults` configuration file. This
|
|
||||||
file is for the default Xvnc configuration and will be applied to every user
|
|
||||||
unless any of the following applies:
|
|
||||||
* The user has its own configuration in `$HOME/.vnc/config`
|
|
||||||
* The same option with different value is configured in
|
|
||||||
`vncserver-config-mandatory` configuration file, which replaces the default
|
|
||||||
configuration and has even a higher priority than the per-user configuration.
|
|
||||||
This option is for system administrators when they want to force particular
|
|
||||||
*Xvnc* options.
|
|
||||||
|
|
||||||
Format of the configuration file is also quite simple as the configuration is
|
|
||||||
in form of
|
|
||||||
```
|
|
||||||
option=value
|
|
||||||
option
|
|
||||||
```
|
|
||||||
for example
|
|
||||||
```
|
|
||||||
session=gnome
|
|
||||||
securitytypes=vncauth,tlsvnc
|
|
||||||
desktop=sandbox
|
|
||||||
geometry=2000x1200
|
|
||||||
localhost
|
|
||||||
alwaysshared
|
|
||||||
```
|
|
||||||
### Note:
|
|
||||||
There is one important option you need to set and that option is the session you
|
|
||||||
want to start. E.g when you want to start GNOME desktop, then you have to use
|
|
||||||
```
|
|
||||||
session=gnome
|
|
||||||
```
|
|
||||||
which should match the name of a session desktop file from `/usr/share/xsessions`
|
|
||||||
directory.
|
|
||||||
|
|
||||||
## Set VNC password
|
|
||||||
You need to set a password for each user in order to be able to start the
|
|
||||||
Tigervnc server. In order to create a password, you just run
|
|
||||||
```
|
|
||||||
$ vncpasswd
|
|
||||||
```
|
|
||||||
as the user you will be starting the server for.
|
|
||||||
### Note:
|
|
||||||
If you were using Tigervnc before for your user and you already created a
|
|
||||||
password, then you will have to make sure the `$HOME/.vnc` folder created by
|
|
||||||
`vncpasswd` will have the correct *SELinux* context. You either can delete this
|
|
||||||
folder and recreate it again by creating the password one more time, or
|
|
||||||
alternatively you can run
|
|
||||||
```
|
|
||||||
$ restorecon -RFv /home/<USER>/.vnc
|
|
||||||
```
|
|
||||||
|
|
||||||
## Start the Tigervnc server
|
|
||||||
Finally you can start the server using systemd service. To do so just run
|
|
||||||
```
|
|
||||||
$ systemctl start vncserver@:x
|
|
||||||
```
|
|
||||||
as root or
|
|
||||||
```
|
|
||||||
$ sudo systemctl start vncserver@:x
|
|
||||||
```
|
|
||||||
as a regular user in case it has permissions to run `sudo`. Don't forget to
|
|
||||||
replace the `:x` by the actual number you configured in the user mapping file.
|
|
||||||
Following our example by running
|
|
||||||
```
|
|
||||||
$ systemctl start vncserver@:1
|
|
||||||
```
|
|
||||||
you will start a Tigervnc server for user `test` with a GNOME session.
|
|
||||||
|
|
||||||
### Note:
|
|
||||||
If you were previously using Tigervnc and you were used to start it using
|
|
||||||
*systemd* then you will need to remove previous *systemd* configuration files,
|
|
||||||
those you most likely copied to `/etc/systemd/system/vncserver@.service`,
|
|
||||||
otherwise this service file will be preferred over the new one installed with
|
|
||||||
latest Tigervnc.
|
|
||||||
|
|
||||||
If you want to use a remote NFS server for the home directories on this machine,
|
|
||||||
you must set the use_nfs_home_dirs boolean:
|
|
||||||
```
|
|
||||||
setsebool -P use_nfs_home_dirs on
|
|
||||||
```
|
|
||||||
|
|
||||||
# Limitations
|
|
||||||
You will not be able to start a Tigervnc server for a user who is already
|
|
||||||
logged into a graphical session. Avoid running the server as the `root` user as
|
|
||||||
it's not a safe thing to do. While running the server as the `root` should work
|
|
||||||
in general, it's not recommended to do so and there might be some things which
|
|
||||||
are not working properly.
|
|
@ -1,74 +0,0 @@
|
|||||||
diff --git a/unix/x0vncserver/Image.cxx b/unix/x0vncserver/Image.cxx
|
|
||||||
index f998c6a..fb9dbd4 100644
|
|
||||||
--- a/unix/x0vncserver/Image.cxx
|
|
||||||
+++ b/unix/x0vncserver/Image.cxx
|
|
||||||
@@ -80,6 +80,14 @@ void Image::Init(int width, int height)
|
|
||||||
xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)),
|
|
||||||
ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0);
|
|
||||||
|
|
||||||
+ if (xim->bytes_per_line <= 0 ||
|
|
||||||
+ xim->height <= 0 ||
|
|
||||||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
|
|
||||||
+ vlog.error("Invalid display size");
|
|
||||||
+ XDestroyImage(xim);
|
|
||||||
+ exit(1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
xim->data = (char *)malloc(xim->bytes_per_line * xim->height);
|
|
||||||
if (xim->data == NULL) {
|
|
||||||
vlog.error("malloc() failed");
|
|
||||||
@@ -256,6 +264,17 @@ void ShmImage::Init(int width, int height, const XVisualInfo *vinfo)
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (xim->bytes_per_line <= 0 ||
|
|
||||||
+ xim->height <= 0 ||
|
|
||||||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
|
|
||||||
+ vlog.error("Invalid display size");
|
|
||||||
+ XDestroyImage(xim);
|
|
||||||
+ xim = NULL;
|
|
||||||
+ delete shminfo;
|
|
||||||
+ shminfo = NULL;
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
shminfo->shmid = shmget(IPC_PRIVATE,
|
|
||||||
xim->bytes_per_line * xim->height,
|
|
||||||
IPC_CREAT|0777);
|
|
||||||
diff --git a/vncviewer/PlatformPixelBuffer.cxx b/vncviewer/PlatformPixelBuffer.cxx
|
|
||||||
index a2b506d..9266d9f 100644
|
|
||||||
--- a/vncviewer/PlatformPixelBuffer.cxx
|
|
||||||
+++ b/vncviewer/PlatformPixelBuffer.cxx
|
|
||||||
@@ -49,6 +49,15 @@ PlatformPixelBuffer::PlatformPixelBuffer(int width, int height) :
|
|
||||||
if (!xim)
|
|
||||||
throw rdr::Exception("XCreateImage");
|
|
||||||
|
|
||||||
+ if (xim->bytes_per_line <= 0 ||
|
|
||||||
+ xim->height <= 0 ||
|
|
||||||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
|
|
||||||
+ if (xim)
|
|
||||||
+ XDestroyImage(xim);
|
|
||||||
+ xim = NULL;
|
|
||||||
+ throw rdr::Exception("Invalid display size");
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
xim->data = (char*)malloc(xim->bytes_per_line * xim->height);
|
|
||||||
if (!xim->data)
|
|
||||||
throw rdr::Exception("malloc");
|
|
||||||
@@ -152,6 +161,16 @@ bool PlatformPixelBuffer::setupShm()
|
|
||||||
if (!xim)
|
|
||||||
goto free_shminfo;
|
|
||||||
|
|
||||||
+ if (xim->bytes_per_line <= 0 ||
|
|
||||||
+ xim->height <= 0 ||
|
|
||||||
+ xim->height >= INT_MAX / xim->bytes_per_line) {
|
|
||||||
+ XDestroyImage(xim);
|
|
||||||
+ xim = NULL;
|
|
||||||
+ delete shminfo;
|
|
||||||
+ shminfo = NULL;
|
|
||||||
+ throw rdr::Exception("Invalid display size");
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
shminfo->shmid = shmget(IPC_PRIVATE,
|
|
||||||
xim->bytes_per_line * xim->height,
|
|
||||||
IPC_CREAT|0600);
|
|
@ -1,43 +0,0 @@
|
|||||||
From 7ab92639848a6059e2b6b88499b008b9606f3af6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: johnmartin-oracle <55413843+johnmartin-oracle@users.noreply.github.com>
|
|
||||||
Date: Thu, 27 Aug 2020 22:30:23 -0400
|
|
||||||
Subject: [PATCH] Update Surface_X11.cxx
|
|
||||||
|
|
||||||
Runtime sellection of ARGB XImage byte order
|
|
||||||
---
|
|
||||||
vncviewer/Surface_X11.cxx | 22 +++++++++++-----------
|
|
||||||
1 file changed, 11 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/vncviewer/Surface_X11.cxx b/vncviewer/Surface_X11.cxx
|
|
||||||
index 6562634dc..8944c3f71 100644
|
|
||||||
--- a/vncviewer/Surface_X11.cxx
|
|
||||||
+++ b/vncviewer/Surface_X11.cxx
|
|
||||||
@@ -123,17 +123,17 @@ void Surface::alloc()
|
|
||||||
// we find such a format
|
|
||||||
templ.type = PictTypeDirect;
|
|
||||||
templ.depth = 32;
|
|
||||||
-#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
|
|
||||||
- templ.direct.alpha = 0;
|
|
||||||
- templ.direct.red = 8;
|
|
||||||
- templ.direct.green = 16;
|
|
||||||
- templ.direct.blue = 24;
|
|
||||||
-#else
|
|
||||||
- templ.direct.alpha = 24;
|
|
||||||
- templ.direct.red = 16;
|
|
||||||
- templ.direct.green = 8;
|
|
||||||
- templ.direct.blue = 0;
|
|
||||||
-#endif
|
|
||||||
+ if (XImageByteOrder(fl_display) == MSBFirst) {
|
|
||||||
+ templ.direct.alpha = 0;
|
|
||||||
+ templ.direct.red = 8;
|
|
||||||
+ templ.direct.green = 16;
|
|
||||||
+ templ.direct.blue = 24;
|
|
||||||
+ } else {
|
|
||||||
+ templ.direct.alpha = 24;
|
|
||||||
+ templ.direct.red = 16;
|
|
||||||
+ templ.direct.green = 8;
|
|
||||||
+ templ.direct.blue = 0;
|
|
||||||
+ }
|
|
||||||
templ.direct.alphaMask = 0xff;
|
|
||||||
templ.direct.redMask = 0xff;
|
|
||||||
templ.direct.greenMask = 0xff;
|
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
|
|
||||||
index 2b47f5f5..f78c096f 100644
|
|
||||||
--- a/unix/vncserver/vncsession.c
|
|
||||||
+++ b/unix/vncserver/vncsession.c
|
|
||||||
@@ -99,7 +99,7 @@ begin_daemon(void)
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (pid == 0)
|
|
||||||
+ if (pid != 0)
|
|
||||||
_exit(0);
|
|
||||||
|
|
||||||
/* Send all stdio to /dev/null */
|
|
@ -1,12 +0,0 @@
|
|||||||
diff -up tigervnc-1.3.0/vncviewer/Viewport.cxx.cursor tigervnc-1.3.0/vncviewer/Viewport.cxx
|
|
||||||
--- tigervnc-1.3.0/vncviewer/Viewport.cxx.cursor 2013-12-17 13:28:23.170400013 +0000
|
|
||||||
+++ tigervnc-1.3.0/vncviewer/Viewport.cxx 2013-12-17 13:29:46.095784064 +0000
|
|
||||||
@@ -248,7 +248,7 @@ void Viewport::setCursor(int width, int height, const Point& hotspot,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (Fl::belowmouse() == this)
|
|
||||||
+ if (Fl::belowmouse() == this && cursor)
|
|
||||||
window()->cursor(cursor, cursorHotspot.x, cursorHotspot.y);
|
|
||||||
}
|
|
||||||
|
|
34
SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch
Normal file
34
SOURCES/tigervnc-fix-typo-in-mirror-monitor-detection.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From 2daf4126882f82b6e392dfbae87205dbdc559c3d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pierre Ossman <ossman@cendio.se>
|
||||||
|
Date: Thu, 23 Dec 2021 15:58:00 +0100
|
||||||
|
Subject: [PATCH] Fix typo in mirror monitor detection
|
||||||
|
|
||||||
|
Bug introduced in fb561eb but still somehow passed manual testing.
|
||||||
|
Resulted in some stray reads off the end of the stack, which were
|
||||||
|
hopefully harmless.
|
||||||
|
---
|
||||||
|
vncviewer/MonitorIndicesParameter.cxx | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/vncviewer/MonitorIndicesParameter.cxx b/vncviewer/MonitorIndicesParameter.cxx
|
||||||
|
index 5130831cb..4ac74dd1a 100644
|
||||||
|
--- a/vncviewer/MonitorIndicesParameter.cxx
|
||||||
|
+++ b/vncviewer/MonitorIndicesParameter.cxx
|
||||||
|
@@ -211,13 +211,13 @@ std::vector<MonitorIndicesParameter::Monitor> MonitorIndicesParameter::fetchMoni
|
||||||
|
// Only keep a single entry for mirrored screens
|
||||||
|
match = false;
|
||||||
|
for (int j = 0; j < ((int) monitors.size()); j++) {
|
||||||
|
- if (monitors[i].x != monitor.x)
|
||||||
|
+ if (monitors[j].x != monitor.x)
|
||||||
|
continue;
|
||||||
|
- if (monitors[i].y != monitor.y)
|
||||||
|
+ if (monitors[j].y != monitor.y)
|
||||||
|
continue;
|
||||||
|
- if (monitors[i].w != monitor.w)
|
||||||
|
+ if (monitors[j].w != monitor.w)
|
||||||
|
continue;
|
||||||
|
- if (monitors[i].h != monitor.h)
|
||||||
|
+ if (monitors[j].h != monitor.h)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
match = true;
|
@ -1,88 +0,0 @@
|
|||||||
diff --git a/unix/xserver/hw/vnc/InputXKB.c b/unix/xserver/hw/vnc/InputXKB.c
|
|
||||||
index f84a6e4..4eac939 100644
|
|
||||||
--- a/unix/xserver/hw/vnc/InputXKB.c
|
|
||||||
+++ b/unix/xserver/hw/vnc/InputXKB.c
|
|
||||||
@@ -226,10 +226,7 @@ void vncPrepareInputDevices(void)
|
|
||||||
|
|
||||||
unsigned vncGetKeyboardState(void)
|
|
||||||
{
|
|
||||||
- DeviceIntPtr master;
|
|
||||||
-
|
|
||||||
- master = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT);
|
|
||||||
- return XkbStateFieldFromRec(&master->key->xkbInfo->state);
|
|
||||||
+ return XkbStateFieldFromRec(&vncKeyboardDev->master->key->xkbInfo->state);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned vncGetLevelThreeMask(void)
|
|
||||||
@@ -250,7 +247,7 @@ unsigned vncGetLevelThreeMask(void)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc;
|
|
||||||
+ xkb = vncKeyboardDev->master->key->xkbInfo->desc;
|
|
||||||
|
|
||||||
act = XkbKeyActionPtr(xkb, keycode, state);
|
|
||||||
if (act == NULL)
|
|
||||||
@@ -275,7 +272,7 @@ KeyCode vncPressShift(void)
|
|
||||||
if (state & ShiftMask)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc;
|
|
||||||
+ xkb = vncKeyboardDev->master->key->xkbInfo->desc;
|
|
||||||
for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) {
|
|
||||||
XkbAction *act;
|
|
||||||
unsigned char mask;
|
|
||||||
@@ -315,7 +312,7 @@ size_t vncReleaseShift(KeyCode *keys, size_t maxKeys)
|
|
||||||
|
|
||||||
count = 0;
|
|
||||||
|
|
||||||
- master = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT);
|
|
||||||
+ master = vncKeyboardDev->master;
|
|
||||||
xkb = master->key->xkbInfo->desc;
|
|
||||||
for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) {
|
|
||||||
XkbAction *act;
|
|
||||||
@@ -371,7 +368,7 @@ KeyCode vncPressLevelThree(void)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc;
|
|
||||||
+ xkb = vncKeyboardDev->master->key->xkbInfo->desc;
|
|
||||||
|
|
||||||
act = XkbKeyActionPtr(xkb, keycode, state);
|
|
||||||
if (act == NULL)
|
|
||||||
@@ -402,7 +399,7 @@ size_t vncReleaseLevelThree(KeyCode *keys, size_t maxKeys)
|
|
||||||
|
|
||||||
count = 0;
|
|
||||||
|
|
||||||
- master = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT);
|
|
||||||
+ master = vncKeyboardDev->master;
|
|
||||||
xkb = master->key->xkbInfo->desc;
|
|
||||||
for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) {
|
|
||||||
XkbAction *act;
|
|
||||||
@@ -447,7 +444,7 @@ KeyCode vncKeysymToKeycode(KeySym keysym, unsigned state, unsigned *new_state)
|
|
||||||
*new_state = state;
|
|
||||||
|
|
||||||
fallback = 0;
|
|
||||||
- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc;
|
|
||||||
+ xkb = vncKeyboardDev->master->key->xkbInfo->desc;
|
|
||||||
for (key = xkb->min_key_code; key <= xkb->max_key_code; key++) {
|
|
||||||
unsigned int state_out;
|
|
||||||
KeySym dummy;
|
|
||||||
@@ -551,7 +548,7 @@ int vncIsAffectedByNumLock(KeyCode keycode)
|
|
||||||
if (numlock_keycode == 0)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
- xkb = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT)->key->xkbInfo->desc;
|
|
||||||
+ xkb = vncKeyboardDev->master->key->xkbInfo->desc;
|
|
||||||
|
|
||||||
act = XkbKeyActionPtr(xkb, numlock_keycode, state);
|
|
||||||
if (act == NULL)
|
|
||||||
@@ -585,7 +582,7 @@ KeyCode vncAddKeysym(KeySym keysym, unsigned state)
|
|
||||||
KeySym *syms;
|
|
||||||
KeySym upper, lower;
|
|
||||||
|
|
||||||
- master = GetMaster(vncKeyboardDev, KEYBOARD_OR_FLOAT);
|
|
||||||
+ master = vncKeyboardDev->master;
|
|
||||||
xkb = master->key->xkbInfo->desc;
|
|
||||||
for (key = xkb->max_key_code; key >= xkb->min_key_code; key--) {
|
|
||||||
if (XkbKeyNumGroups(xkb, key) == 0)
|
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
|
|
||||||
index 16c925ee..6398121e 100644
|
|
||||||
--- a/unix/vncpasswd/vncpasswd.cxx
|
|
||||||
+++ b/unix/vncpasswd/vncpasswd.cxx
|
|
||||||
@@ -150,6 +150,8 @@ int main(int argc, char** argv)
|
|
||||||
char yesno[3];
|
|
||||||
if (fgets(yesno, 3, stdin) != NULL && (yesno[0] == 'y' || yesno[0] == 'Y')) {
|
|
||||||
obfuscatedReadOnly = readpassword();
|
|
||||||
+ } else {
|
|
||||||
+ fprintf(stderr, "A view-only password is not used\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
FILE* fp = fopen(fname,"w");
|
|
@ -1,41 +0,0 @@
|
|||||||
diff --git a/common/rfb/Password.cxx b/common/rfb/Password.cxx
|
|
||||||
index e4a508c..f555c57 100644
|
|
||||||
--- a/common/rfb/Password.cxx
|
|
||||||
+++ b/common/rfb/Password.cxx
|
|
||||||
@@ -55,7 +55,7 @@ PlainPasswd::~PlainPasswd() {
|
|
||||||
|
|
||||||
void PlainPasswd::replaceBuf(char* b) {
|
|
||||||
if (buf)
|
|
||||||
- memset(buf, 0, strlen(buf));
|
|
||||||
+ memset(buf, 0, length ? length : strlen(buf));
|
|
||||||
CharArray::replaceBuf(b);
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/common/rfb/util.h b/common/rfb/util.h
|
|
||||||
index 3100f90..764692a 100644
|
|
||||||
--- a/common/rfb/util.h
|
|
||||||
+++ b/common/rfb/util.h
|
|
||||||
@@ -51,16 +51,21 @@ namespace rfb {
|
|
||||||
CharArray() : buf(0) {}
|
|
||||||
CharArray(char* str) : buf(str) {} // note: assumes ownership
|
|
||||||
CharArray(size_t len) {
|
|
||||||
+ length = len;
|
|
||||||
buf = new char[len]();
|
|
||||||
}
|
|
||||||
~CharArray() {
|
|
||||||
- delete [] buf;
|
|
||||||
+ if (buf) {
|
|
||||||
+ delete [] buf;
|
|
||||||
+ buf = nullptr;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
void format(const char *fmt, ...) __printf_attr(2, 3);
|
|
||||||
// Get the buffer pointer & clear it (i.e. caller takes ownership)
|
|
||||||
char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
|
|
||||||
- void replaceBuf(char* b) {delete [] buf; buf = b;}
|
|
||||||
+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
|
|
||||||
char* buf;
|
|
||||||
+ size_t length = 0;
|
|
||||||
private:
|
|
||||||
CharArray(const CharArray&);
|
|
||||||
CharArray& operator=(const CharArray&);
|
|
25
SOURCES/tigervnc-root-user-selinux-context.patch
Normal file
25
SOURCES/tigervnc-root-user-selinux-context.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
From faf81b4b238e24fe29eb53f885a25367e212dd7b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zdenek Pytela <zpytela@redhat.com>
|
||||||
|
Date: Mon, 7 Feb 2022 10:45:41 +0100
|
||||||
|
Subject: [PATCH] SELinux: use /root/.vnc in file context specification
|
||||||
|
|
||||||
|
Instead of HOME_ROOT/.vnc, /root/.vnc should be used
|
||||||
|
for user root's home to specify default file context
|
||||||
|
as HOME_ROOT actually means base for home dirs (usually /home).
|
||||||
|
---
|
||||||
|
unix/vncserver/selinux/vncsession.fc | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
|
||||||
|
index 6aaf4b1f4..bc81f8f25 100644
|
||||||
|
--- a/unix/vncserver/selinux/vncsession.fc
|
||||||
|
+++ b/unix/vncserver/selinux/vncsession.fc
|
||||||
|
@@ -18,7 +18,7 @@
|
||||||
|
#
|
||||||
|
|
||||||
|
HOME_DIR/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||||
|
-HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||||
|
+/root/\.vnc(/.*)? gen_context(system_u:object_r:vnc_home_t,s0)
|
||||||
|
|
||||||
|
/usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
|
||||||
|
/usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
|
@ -1,39 +0,0 @@
|
|||||||
From 6125695b80f6a43002f454786115b0a6c1730831 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jan Grulich <jgrulich@redhat.com>
|
|
||||||
Date: Mon, 17 May 2021 13:44:32 +0200
|
|
||||||
Subject: [PATCH] SELinux: Add missing compression and install policy to
|
|
||||||
correct directory
|
|
||||||
|
|
||||||
---
|
|
||||||
unix/vncserver/selinux/Makefile | 13 ++++++++-----
|
|
||||||
1 file changed, 8 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/unix/vncserver/selinux/Makefile b/unix/vncserver/selinux/Makefile
|
|
||||||
index 7497bf846..b23f20f60 100644
|
|
||||||
--- a/unix/vncserver/selinux/Makefile
|
|
||||||
+++ b/unix/vncserver/selinux/Makefile
|
|
||||||
@@ -10,15 +10,18 @@
|
|
||||||
PREFIX=/usr
|
|
||||||
DATADIR=$(PREFIX)/share
|
|
||||||
|
|
||||||
-all: vncsession.pp
|
|
||||||
+all: vncsession.pp.bz2
|
|
||||||
+
|
|
||||||
+%.pp.bz2: %.pp
|
|
||||||
+ bzip2 -9 $^
|
|
||||||
|
|
||||||
%.pp: %.te
|
|
||||||
make -f $(DATADIR)/selinux/devel/Makefile $@
|
|
||||||
|
|
||||||
clean:
|
|
||||||
- rm -f *.pp
|
|
||||||
+ rm -f *.pp *.pp.bz2
|
|
||||||
rm -rf tmp
|
|
||||||
|
|
||||||
-install: vncsession.pp
|
|
||||||
- mkdir -p $(DESTDIR)$(DATADIR)/selinux/packages
|
|
||||||
- install vncsession.pp $(DESTDIR)$(DATADIR)/selinux/packages/vncsession.pp
|
|
||||||
+install: vncsession.pp.bz2
|
|
||||||
+ mkdir -p $(DESTDIR)$(DATADIR)/selinux/packages/targeted/
|
|
||||||
+ install vncsession.pp.bz2 $(DESTDIR)$(DATADIR)/selinux/packages/targeted/vncsession.pp.bz2
|
|
||||||
|
|
@ -1,183 +0,0 @@
|
|||||||
From 386542e6d50eeaa68aa91f821c0725ddd0ab9b2a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Tue, 18 May 2021 12:23:15 +0200
|
|
||||||
Subject: [PATCH] selinux: Fix issues reported by SELint
|
|
||||||
|
|
||||||
Style guide [1] issues only. No impact on policy functionality.
|
|
||||||
|
|
||||||
[1] - https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
|
|
||||||
---
|
|
||||||
unix/vncserver/selinux/vncsession.te | 7 +++----
|
|
||||||
1 file changed, 3 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
|
|
||||||
index a773fed39..63ad8a85f 100644
|
|
||||||
--- a/unix/vncserver/selinux/vncsession.te
|
|
||||||
+++ b/unix/vncserver/selinux/vncsession.te
|
|
||||||
@@ -17,7 +17,7 @@
|
|
||||||
# USA.
|
|
||||||
#
|
|
||||||
|
|
||||||
-policy_module(vncsession, 1.0.0);
|
|
||||||
+policy_module(vncsession, 1.0.0)
|
|
||||||
|
|
||||||
gen_require(`
|
|
||||||
attribute userdomain;
|
|
||||||
@@ -42,8 +42,8 @@ can_exec(vnc_session_t, vnc_session_exec_t)
|
|
||||||
userdom_spec_domtrans_all_users(vnc_session_t)
|
|
||||||
userdom_signal_all_users(vnc_session_t)
|
|
||||||
|
|
||||||
-allow vnc_session_t self:capability { kill chown dac_override dac_read_search fowner setgid setuid sys_resource };
|
|
||||||
-allow vnc_session_t self:process { getcap setsched setexec setrlimit };
|
|
||||||
+allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };
|
|
||||||
+allow vnc_session_t self:process { getcap setexec setrlimit setsched };
|
|
||||||
allow vnc_session_t self:fifo_file rw_fifo_file_perms;
|
|
||||||
|
|
||||||
manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
|
|
||||||
@@ -65,4 +65,3 @@ logging_append_all_logs(vnc_session_t)
|
|
||||||
|
|
||||||
mcs_process_set_categories(vnc_session_t)
|
|
||||||
mcs_killall(vnc_session_t)
|
|
||||||
-
|
|
||||||
From 23cf514ac265a02dc666e8651dcc579022f0da77 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Zdenek Pytela <zpytela@redhat.com>
|
|
||||||
Date: Tue, 18 May 2021 13:31:53 +0200
|
|
||||||
Subject: [PATCH] selinux: further style and comprehensibility improvements
|
|
||||||
|
|
||||||
Sections and rules blocks reordered according to the Style guide.
|
|
||||||
|
|
||||||
https://github.com/TresysTechnology/refpolicy/wiki/StyleGuide
|
|
||||||
---
|
|
||||||
unix/vncserver/selinux/vncsession.te | 59 +++++++++++++++++-----------
|
|
||||||
1 file changed, 36 insertions(+), 23 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
|
|
||||||
index 63ad8a85f..86fd6e5ef 100644
|
|
||||||
--- a/unix/vncserver/selinux/vncsession.te
|
|
||||||
+++ b/unix/vncserver/selinux/vncsession.te
|
|
||||||
@@ -20,48 +20,61 @@
|
|
||||||
policy_module(vncsession, 1.0.0)
|
|
||||||
|
|
||||||
gen_require(`
|
|
||||||
- attribute userdomain;
|
|
||||||
- type xdm_home_t;
|
|
||||||
+ attribute userdomain;
|
|
||||||
+ type xdm_home_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
-type vnc_session_exec_t;
|
|
||||||
-corecmd_executable_file(vnc_session_exec_t)
|
|
||||||
type vnc_session_t;
|
|
||||||
+type vnc_session_exec_t;
|
|
||||||
init_daemon_domain(vnc_session_t, vnc_session_exec_t)
|
|
||||||
-auth_login_pgm_domain(vnc_session_t)
|
|
||||||
+can_exec(vnc_session_t, vnc_session_exec_t)
|
|
||||||
|
|
||||||
type vnc_session_var_run_t;
|
|
||||||
files_pid_file(vnc_session_var_run_t)
|
|
||||||
-allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
|
|
||||||
-files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
|
|
||||||
-
|
|
||||||
-auth_write_login_records(vnc_session_t)
|
|
||||||
-
|
|
||||||
-can_exec(vnc_session_t, vnc_session_exec_t)
|
|
||||||
-
|
|
||||||
-userdom_spec_domtrans_all_users(vnc_session_t)
|
|
||||||
-userdom_signal_all_users(vnc_session_t)
|
|
||||||
|
|
||||||
allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };
|
|
||||||
allow vnc_session_t self:process { getcap setexec setrlimit setsched };
|
|
||||||
allow vnc_session_t self:fifo_file rw_fifo_file_perms;
|
|
||||||
|
|
||||||
+allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;
|
|
||||||
+files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)
|
|
||||||
+
|
|
||||||
manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
|
|
||||||
manage_fifo_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
|
|
||||||
manage_sock_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
|
|
||||||
manage_lnk_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)
|
|
||||||
-userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
|
|
||||||
-userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
|
|
||||||
-
|
|
||||||
-# This also affects other tools, e.g. vncpasswd
|
|
||||||
-userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
|
|
||||||
-userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
|
|
||||||
-
|
|
||||||
-miscfiles_read_localization(vnc_session_t)
|
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(vnc_session_t)
|
|
||||||
|
|
||||||
-logging_append_all_logs(vnc_session_t)
|
|
||||||
+corecmd_executable_file(vnc_session_exec_t)
|
|
||||||
|
|
||||||
mcs_process_set_categories(vnc_session_t)
|
|
||||||
mcs_killall(vnc_session_t)
|
|
||||||
+
|
|
||||||
+optional_policy(`
|
|
||||||
+ auth_login_pgm_domain(vnc_session_t)
|
|
||||||
+ auth_write_login_records(vnc_session_t)
|
|
||||||
+')
|
|
||||||
+
|
|
||||||
+optional_policy(`
|
|
||||||
+ logging_append_all_logs(vnc_session_t)
|
|
||||||
+')
|
|
||||||
+
|
|
||||||
+optional_policy(`
|
|
||||||
+ miscfiles_read_localization(vnc_session_t)
|
|
||||||
+')
|
|
||||||
+
|
|
||||||
+optional_policy(`
|
|
||||||
+ userdom_spec_domtrans_all_users(vnc_session_t)
|
|
||||||
+ userdom_signal_all_users(vnc_session_t)
|
|
||||||
+
|
|
||||||
+ userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
|
|
||||||
+ userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")
|
|
||||||
+
|
|
||||||
+ # This also affects other tools, e.g. vncpasswd
|
|
||||||
+ gen_require(`
|
|
||||||
+ attribute userdomain;
|
|
||||||
+ ')
|
|
||||||
+ userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
|
|
||||||
+ userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")
|
|
||||||
+')
|
|
||||||
From 3c8622691abfb377b48bf3749dd629c5a7120cf4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Zdenek Pytela <zpytela@redhat.com>
|
|
||||||
Date: Tue, 18 May 2021 13:39:11 +0200
|
|
||||||
Subject: [PATCH] Allow vnc_session_t manage nfs dirs and files conditionally
|
|
||||||
|
|
||||||
The permissions set to manage directories and files with the nfs_t type
|
|
||||||
is allowed when the use_nfs_home_dirs boolean is turned on.
|
|
||||||
|
|
||||||
Resolves: https://github.com/TigerVNC/tigervnc/issues/1189
|
|
||||||
---
|
|
||||||
unix/vncserver/selinux/vncsession.te | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
|
|
||||||
index 86fd6e5ef..46e699117 100644
|
|
||||||
--- a/unix/vncserver/selinux/vncsession.te
|
|
||||||
+++ b/unix/vncserver/selinux/vncsession.te
|
|
||||||
@@ -51,6 +51,11 @@ corecmd_executable_file(vnc_session_exec_t)
|
|
||||||
mcs_process_set_categories(vnc_session_t)
|
|
||||||
mcs_killall(vnc_session_t)
|
|
||||||
|
|
||||||
+tunable_policy(`use_nfs_home_dirs',`
|
|
||||||
+ fs_manage_nfs_dirs(vnc_session_t)
|
|
||||||
+ fs_manage_nfs_files(vnc_session_t)
|
|
||||||
+')
|
|
||||||
+
|
|
||||||
optional_policy(`
|
|
||||||
auth_login_pgm_domain(vnc_session_t)
|
|
||||||
auth_write_login_records(vnc_session_t)
|
|
||||||
diff --git a/unix/vncserver/selinux/vncsession.te b/unix/vncserver/selinux/vncsession.te
|
|
||||||
index 46e69911..f1108ec8 100644
|
|
||||||
--- a/unix/vncserver/selinux/vncsession.te
|
|
||||||
+++ b/unix/vncserver/selinux/vncsession.te
|
|
||||||
@@ -20,7 +20,6 @@
|
|
||||||
policy_module(vncsession, 1.0.0)
|
|
||||||
|
|
||||||
gen_require(`
|
|
||||||
- attribute userdomain;
|
|
||||||
type xdm_home_t;
|
|
||||||
')
|
|
||||||
|
|
@ -0,0 +1,81 @@
|
|||||||
|
From d2d52704624ce841f4a392fccd82079d87ff13b6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Grulich <jgrulich@redhat.com>
|
||||||
|
Date: Thu, 11 Nov 2021 13:52:41 +0100
|
||||||
|
Subject: [PATCH] SELinux: restore SELinux context in case of different
|
||||||
|
policies
|
||||||
|
|
||||||
|
---
|
||||||
|
CMakeLists.txt | 13 +++++++++++++
|
||||||
|
unix/vncserver/CMakeLists.txt | 2 +-
|
||||||
|
unix/vncserver/vncsession.c | 16 ++++++++++++++++
|
||||||
|
3 files changed, 30 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||||
|
index 50247c7da..1708eb3d8 100644
|
||||||
|
--- a/CMakeLists.txt
|
||||||
|
+++ b/CMakeLists.txt
|
||||||
|
@@ -268,6 +268,19 @@ if(UNIX AND NOT APPLE)
|
||||||
|
endif()
|
||||||
|
endif()
|
||||||
|
|
||||||
|
+# Check for SELinux library
|
||||||
|
+if(UNIX AND NOT APPLE)
|
||||||
|
+ check_include_files(selinux/selinux.h HAVE_SELINUX_H)
|
||||||
|
+ if(HAVE_SELINUX_H)
|
||||||
|
+ set(CMAKE_REQUIRED_LIBRARIES -lselinux)
|
||||||
|
+ set(CMAKE_REQUIRED_LIBRARIES)
|
||||||
|
+ set(SELINUX_LIBS selinux)
|
||||||
|
+ add_definitions("-DHAVE_SELINUX")
|
||||||
|
+ else()
|
||||||
|
+ message(WARNING "Could not find SELinux development files")
|
||||||
|
+ endif()
|
||||||
|
+endif()
|
||||||
|
+
|
||||||
|
# Generate config.h and make sure the source finds it
|
||||||
|
configure_file(config.h.in config.h)
|
||||||
|
add_definitions(-DHAVE_CONFIG_H)
|
||||||
|
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
|
||||||
|
index f65ccc7db..ae69dc098 100644
|
||||||
|
--- a/unix/vncserver/CMakeLists.txt
|
||||||
|
+++ b/unix/vncserver/CMakeLists.txt
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
add_executable(vncsession vncsession.c)
|
||||||
|
-target_link_libraries(vncsession ${PAM_LIBS})
|
||||||
|
+target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
|
||||||
|
|
||||||
|
configure_file(vncserver@.service.in vncserver@.service @ONLY)
|
||||||
|
configure_file(vncsession-start.in vncsession-start @ONLY)
|
||||||
|
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
|
||||||
|
index 3573e5e9b..f6d2fd59e 100644
|
||||||
|
--- a/unix/vncserver/vncsession.c
|
||||||
|
+++ b/unix/vncserver/vncsession.c
|
||||||
|
@@ -37,6 +37,11 @@
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/wait.h>
|
||||||
|
|
||||||
|
+#ifdef HAVE_SELINUX
|
||||||
|
+#include <selinux/selinux.h>
|
||||||
|
+#include <selinux/restorecon.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
extern char **environ;
|
||||||
|
|
||||||
|
// PAM service name
|
||||||
|
@@ -360,6 +365,17 @@ redir_stdio(const char *homedir, const char *display)
|
||||||
|
syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));
|
||||||
|
_exit(EX_OSERR);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_SELINUX
|
||||||
|
+ int result;
|
||||||
|
+ if (selinux_file_context_verify(logfile, 0) == 0) {
|
||||||
|
+ result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);
|
||||||
|
+
|
||||||
|
+ if (result < 0) {
|
||||||
|
+ syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
hostlen = sysconf(_SC_HOST_NAME_MAX);
|
@ -1,47 +0,0 @@
|
|||||||
From 40f104ffe1e36df9613f8d316f616fb2b089cc86 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jan Grulich <jgrulich@redhat.com>
|
|
||||||
Date: Tue, 29 Sep 2020 13:37:16 +0200
|
|
||||||
Subject: [PATCH] Use /run instead of /var/run which is just a symlink
|
|
||||||
|
|
||||||
---
|
|
||||||
unix/vncserver/selinux/vncsession.fc | 2 +-
|
|
||||||
unix/vncserver/vncserver@.service.in | 2 +-
|
|
||||||
unix/vncserver/vncsession.c | 2 +-
|
|
||||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/unix/vncserver/selinux/vncsession.fc b/unix/vncserver/selinux/vncsession.fc
|
|
||||||
index 121cdd237..ae768baa4 100644
|
|
||||||
--- a/unix/vncserver/selinux/vncsession.fc
|
|
||||||
+++ b/unix/vncserver/selinux/vncsession.fc
|
|
||||||
@@ -23,4 +23,4 @@ HOME_ROOT/\.vnc(/.*)? gen_context(system_u:object_r:xdm_home_t,s0)
|
|
||||||
/usr/sbin/vncsession -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
|
|
||||||
/usr/libexec/vncsession-start -- gen_context(system_u:object_r:vnc_session_exec_t,s0)
|
|
||||||
|
|
||||||
-/var/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0)
|
|
||||||
+/run/vncsession-:[0-9]*\.pid -- gen_context(system_u:object_r:vnc_session_var_run_t,s0)
|
|
||||||
diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
|
|
||||||
index 584ecf4b1..5624dff76 100644
|
|
||||||
--- a/unix/vncserver/vncserver@.service.in
|
|
||||||
+++ b/unix/vncserver/vncserver@.service.in
|
|
||||||
@@ -36,7 +36,7 @@ After=syslog.target network.target
|
|
||||||
[Service]
|
|
||||||
Type=forking
|
|
||||||
ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i
|
|
||||||
-PIDFile=/var/run/vncsession-%i.pid
|
|
||||||
+PIDFile=/run/vncsession-%i.pid
|
|
||||||
SELinuxContext=system_u:system_r:vnc_session_t:s0
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
diff --git a/unix/vncserver/vncsession.c b/unix/vncserver/vncsession.c
|
|
||||||
index 3e0c98f0f..2b47f5f55 100644
|
|
||||||
--- a/unix/vncserver/vncsession.c
|
|
||||||
+++ b/unix/vncserver/vncsession.c
|
|
||||||
@@ -543,7 +543,7 @@ main(int argc, char **argv)
|
|
||||||
}
|
|
||||||
|
|
||||||
snprintf(pid_file, sizeof(pid_file),
|
|
||||||
- "/var/run/vncsession-%s.pid", display);
|
|
||||||
+ "/run/vncsession-%s.pid", display);
|
|
||||||
f = fopen(pid_file, "w");
|
|
||||||
if (f == NULL) {
|
|
||||||
syslog(LOG_ERR, "Failure creating pid file \"%s\": %s",
|
|
@ -1,149 +0,0 @@
|
|||||||
From 38c6848b30cb1908171f2b4628e345fbf6727b39 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pierre Ossman <ossman@cendio.se>
|
|
||||||
Date: Fri, 18 Sep 2020 10:44:32 +0200
|
|
||||||
Subject: [PATCH] Tolerate specifying -BoolParam 0 and similar
|
|
||||||
|
|
||||||
This is needed by vncserver which doesn't know which parameters are
|
|
||||||
boolean, and it cannot use the -Param=Value form as that isn't tolerated
|
|
||||||
by the Xorg code.
|
|
||||||
---
|
|
||||||
unix/vncserver/vncserver.in | 8 ++++----
|
|
||||||
unix/xserver/hw/vnc/RFBGlue.cc | 16 ++++++++++++++++
|
|
||||||
unix/xserver/hw/vnc/RFBGlue.h | 1 +
|
|
||||||
unix/xserver/hw/vnc/xvnc.c | 14 ++++++++++++++
|
|
||||||
vncviewer/vncviewer.cxx | 20 ++++++++++++++++++++
|
|
||||||
5 files changed, 55 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/unix/vncserver/vncserver.in b/unix/vncserver/vncserver.in
|
|
||||||
index 25fbbd315..261b258f1 100755
|
|
||||||
--- a/unix/vncserver/vncserver.in
|
|
||||||
+++ b/unix/vncserver/vncserver.in
|
|
||||||
@@ -107,7 +107,7 @@ $default_opts{rfbwait} = 30000;
|
|
||||||
$default_opts{rfbauth} = "$vncUserDir/passwd";
|
|
||||||
$default_opts{rfbport} = $vncPort;
|
|
||||||
$default_opts{fp} = $fontPath if ($fontPath);
|
|
||||||
-$default_opts{pn} = "";
|
|
||||||
+$default_opts{pn} = undef;
|
|
||||||
|
|
||||||
# Load user-overrideable system defaults
|
|
||||||
LoadConfig($vncSystemConfigDefaultsFile);
|
|
||||||
@@ -242,13 +242,13 @@ push(@cmd, "@CMAKE_INSTALL_FULL_BINDIR@/Xvnc", ":$displayNumber");
|
|
||||||
|
|
||||||
foreach my $k (sort keys %config) {
|
|
||||||
push(@cmd, "-$k");
|
|
||||||
- push(@cmd, $config{$k}) if $config{$k};
|
|
||||||
+ push(@cmd, $config{$k}) if defined($config{$k});
|
|
||||||
delete $default_opts{$k}; # file options take precedence
|
|
||||||
}
|
|
||||||
|
|
||||||
foreach my $k (sort keys %default_opts) {
|
|
||||||
push(@cmd, "-$k");
|
|
||||||
- push(@cmd, $default_opts{$k}) if $default_opts{$k};
|
|
||||||
+ push(@cmd, $default_opts{$k}) if defined($default_opts{$k});
|
|
||||||
}
|
|
||||||
|
|
||||||
warn "\nNew '$desktopName' desktop is $host:$displayNumber\n\n";
|
|
||||||
@@ -291,7 +291,7 @@ sub LoadConfig {
|
|
||||||
# current config file being loaded defined the logical opposite setting
|
|
||||||
# (NeverShared vs. AlwaysShared, etc etc).
|
|
||||||
$toggle = lc($1); # must normalize key case
|
|
||||||
- $config{$toggle} = $k;
|
|
||||||
+ $config{$toggle} = undef;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
close(IN);
|
|
||||||
diff --git a/unix/xserver/hw/vnc/RFBGlue.cc b/unix/xserver/hw/vnc/RFBGlue.cc
|
|
||||||
index f108fae43..7c32bea8f 100644
|
|
||||||
--- a/unix/xserver/hw/vnc/RFBGlue.cc
|
|
||||||
+++ b/unix/xserver/hw/vnc/RFBGlue.cc
|
|
||||||
@@ -143,6 +143,22 @@ const char* vncGetParamDesc(const char *name)
|
|
||||||
return param->getDescription();
|
|
||||||
}
|
|
||||||
|
|
||||||
+int vncIsParamBool(const char *name)
|
|
||||||
+{
|
|
||||||
+ VoidParameter *param;
|
|
||||||
+ BoolParameter *bparam;
|
|
||||||
+
|
|
||||||
+ param = rfb::Configuration::getParam(name);
|
|
||||||
+ if (param == NULL)
|
|
||||||
+ return false;
|
|
||||||
+
|
|
||||||
+ bparam = dynamic_cast<BoolParameter*>(param);
|
|
||||||
+ if (bparam == NULL)
|
|
||||||
+ return false;
|
|
||||||
+
|
|
||||||
+ return true;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int vncGetParamCount(void)
|
|
||||||
{
|
|
||||||
int count;
|
|
||||||
diff --git a/unix/xserver/hw/vnc/RFBGlue.h b/unix/xserver/hw/vnc/RFBGlue.h
|
|
||||||
index 112405b84..695cea105 100644
|
|
||||||
--- a/unix/xserver/hw/vnc/RFBGlue.h
|
|
||||||
+++ b/unix/xserver/hw/vnc/RFBGlue.h
|
|
||||||
@@ -41,6 +41,7 @@ int vncSetParam(const char *name, const char *value);
|
|
||||||
int vncSetParamSimple(const char *nameAndValue);
|
|
||||||
char* vncGetParam(const char *name);
|
|
||||||
const char* vncGetParamDesc(const char *name);
|
|
||||||
+int vncIsParamBool(const char *name);
|
|
||||||
|
|
||||||
int vncGetParamCount(void);
|
|
||||||
char *vncGetParamList(void);
|
|
||||||
diff --git a/unix/xserver/hw/vnc/xvnc.c b/unix/xserver/hw/vnc/xvnc.c
|
|
||||||
index 4eb0b0b13..5744acac8 100644
|
|
||||||
--- a/unix/xserver/hw/vnc/xvnc.c
|
|
||||||
+++ b/unix/xserver/hw/vnc/xvnc.c
|
|
||||||
@@ -618,6 +618,20 @@ ddxProcessArgument(int argc, char *argv[], int i)
|
|
||||||
exit(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* We need to resolve an ambiguity for booleans */
|
|
||||||
+ if (argv[i][0] == '-' && i+1 < argc &&
|
|
||||||
+ vncIsParamBool(&argv[i][1])) {
|
|
||||||
+ if ((strcasecmp(argv[i+1], "0") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "1") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "true") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "false") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "yes") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "no") == 0)) {
|
|
||||||
+ vncSetParam(&argv[i][1], argv[i+1]);
|
|
||||||
+ return 2;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (vncSetParamSimple(argv[i]))
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
|
|
||||||
index d4dd3063c..77ba3d3f4 100644
|
|
||||||
--- a/vncviewer/vncviewer.cxx
|
|
||||||
+++ b/vncviewer/vncviewer.cxx
|
|
||||||
@@ -556,6 +556,26 @@ int main(int argc, char** argv)
|
|
||||||
}
|
|
||||||
|
|
||||||
for (int i = 1; i < argc;) {
|
|
||||||
+ /* We need to resolve an ambiguity for booleans */
|
|
||||||
+ if (argv[i][0] == '-' && i+1 < argc) {
|
|
||||||
+ VoidParameter *param;
|
|
||||||
+
|
|
||||||
+ param = Configuration::getParam(&argv[i][1]);
|
|
||||||
+ if ((param != NULL) &&
|
|
||||||
+ (dynamic_cast<BoolParameter*>(param) != NULL)) {
|
|
||||||
+ if ((strcasecmp(argv[i+1], "0") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "1") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "true") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "false") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "yes") == 0) ||
|
|
||||||
+ (strcasecmp(argv[i+1], "no") == 0)) {
|
|
||||||
+ param->setParam(argv[i+1]);
|
|
||||||
+ i += 2;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (Configuration::setParam(argv[i])) {
|
|
||||||
i++;
|
|
||||||
continue;
|
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/common/rfb/Security.cxx b/common/rfb/Security.cxx
|
|
||||||
index e623ab5..4987b29 100644
|
|
||||||
--- a/common/rfb/Security.cxx
|
|
||||||
+++ b/common/rfb/Security.cxx
|
|
||||||
@@ -52,7 +52,7 @@ static LogWriter vlog("Security");
|
|
||||||
#ifdef HAVE_GNUTLS
|
|
||||||
StringParameter Security::GnuTLSPriority("GnuTLSPriority",
|
|
||||||
"GnuTLS priority string that controls the TLS session’s handshake algorithms",
|
|
||||||
- "NORMAL");
|
|
||||||
+ "@SYSTEM");
|
|
||||||
#endif
|
|
||||||
|
|
||||||
Security::Security()
|
|
113
SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch
Normal file
113
SOURCES/tigervnc-vncsession-restore-script-systemd-service.patch
Normal file
@ -0,0 +1,113 @@
|
|||||||
|
From 1919a8ab86c99b47ba86dc697abcdf3343b0aafa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Grulich <jgrulich@redhat.com>
|
||||||
|
Date: Tue, 1 Feb 2022 14:31:05 +0100
|
||||||
|
Subject: Add vncsession-restore script to restore SELinux context
|
||||||
|
|
||||||
|
The vncsession-restore script is used in the ExecStartPre option
|
||||||
|
for systemd service file in order to properly start the session
|
||||||
|
in case the policy is updated (e.g. after Tigervnc update).
|
||||||
|
|
||||||
|
diff --git a/unix/vncserver/CMakeLists.txt b/unix/vncserver/CMakeLists.txt
|
||||||
|
index ae69dc09..04eb6fc4 100644
|
||||||
|
--- a/unix/vncserver/CMakeLists.txt
|
||||||
|
+++ b/unix/vncserver/CMakeLists.txt
|
||||||
|
@@ -2,6 +2,7 @@ add_executable(vncsession vncsession.c)
|
||||||
|
target_link_libraries(vncsession ${PAM_LIBS} ${SELINUX_LIBS})
|
||||||
|
|
||||||
|
configure_file(vncserver@.service.in vncserver@.service @ONLY)
|
||||||
|
+configure_file(vncsession-restore.in vncsession-restore @ONLY)
|
||||||
|
configure_file(vncsession-start.in vncsession-start @ONLY)
|
||||||
|
configure_file(vncserver.in vncserver @ONLY)
|
||||||
|
configure_file(vncsession.man.in vncsession.man @ONLY)
|
||||||
|
@@ -20,4 +21,5 @@ install(FILES HOWTO.md DESTINATION ${CMAKE_INSTALL_FULL_DOCDIR})
|
||||||
|
if(INSTALL_SYSTEMD_UNITS)
|
||||||
|
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/vncserver@.service DESTINATION ${CMAKE_INSTALL_FULL_UNITDIR})
|
||||||
|
install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-start DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
|
||||||
|
+ install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/vncsession-restore DESTINATION ${CMAKE_INSTALL_FULL_LIBEXECDIR})
|
||||||
|
endif()
|
||||||
|
diff --git a/unix/vncserver/vncserver@.service.in b/unix/vncserver/vncserver@.service.in
|
||||||
|
index 39f81b73..a83e05a3 100644
|
||||||
|
--- a/unix/vncserver/vncserver@.service.in
|
||||||
|
+++ b/unix/vncserver/vncserver@.service.in
|
||||||
|
@@ -35,6 +35,7 @@ After=syslog.target network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=forking
|
||||||
|
+ExecStartPre=+@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-restore %i
|
||||||
|
ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/vncsession-start %i
|
||||||
|
PIDFile=/run/vncsession-%i.pid
|
||||||
|
SELinuxContext=system_u:system_r:vnc_session_t:s0
|
||||||
|
diff --git a/unix/vncserver/vncsession-restore.in b/unix/vncserver/vncsession-restore.in
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..d3abc57d
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/unix/vncserver/vncsession-restore.in
|
||||||
|
@@ -0,0 +1,68 @@
|
||||||
|
+#!/bin/bash
|
||||||
|
+#
|
||||||
|
+# Copyright 2022 Jan Grulich <jgrulich@redhat.com>
|
||||||
|
+#
|
||||||
|
+# This is free software; you can redistribute it and/or modify
|
||||||
|
+# it under the terms of the GNU General Public License as published by
|
||||||
|
+# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
+# (at your option) any later version.
|
||||||
|
+#
|
||||||
|
+# This software is distributed in the hope that it will be useful,
|
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+# GNU General Public License for more details.
|
||||||
|
+#
|
||||||
|
+# You should have received a copy of the GNU General Public License
|
||||||
|
+# along with this software; if not, write to the Free Software
|
||||||
|
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||||
|
+# USA.
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
+USERSFILE="@CMAKE_INSTALL_FULL_SYSCONFDIR@/tigervnc/vncserver.users"
|
||||||
|
+
|
||||||
|
+if [ $# -ne 1 ]; then
|
||||||
|
+ echo "Syntax:" >&2
|
||||||
|
+ echo " $0 <display>" >&2
|
||||||
|
+ exit 1
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+if [ ! -f "${USERSFILE}" ]; then
|
||||||
|
+ echo "Users file ${USERSFILE} missing" >&2
|
||||||
|
+ exit 1
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+DISPLAY="$1"
|
||||||
|
+
|
||||||
|
+USER=`grep "^ *${DISPLAY}=" "${USERSFILE}" 2>/dev/null | head -1 | cut -d = -f 2- | sed 's/ *$//g'`
|
||||||
|
+
|
||||||
|
+if [ -z "${USER}" ]; then
|
||||||
|
+ echo "No user configured for display ${DISPLAY}" >&2
|
||||||
|
+ exit 1
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+USER_HOMEDIR=`getent passwd ${USER} | cut -f6 -d:`
|
||||||
|
+
|
||||||
|
+if [ -z "${USER_HOMEDIR}" ]; then
|
||||||
|
+ echo "Failed to get home directory for ${USER}" >&2
|
||||||
|
+ exit 1
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+if [ ! -d "${USER_HOMEDIR}/.vnc" ]; then
|
||||||
|
+ exit 0
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+MATCHPATHCON=`which matchpathcon`
|
||||||
|
+
|
||||||
|
+if [ $? -eq 0 ]; then
|
||||||
|
+ ${MATCHPATHCON} -V "${USER_HOMEDIR}/.vnc" &>/dev/null
|
||||||
|
+ if [ $? -eq 0 ]; then
|
||||||
|
+ exit 0
|
||||||
|
+ fi
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+RESTORECON=`which restorecon`
|
||||||
|
+
|
||||||
|
+if [ $? -eq 0 ]; then
|
||||||
|
+ exec "${RESTORECON}" -R "${USER_HOMEDIR}/.vnc" >&2
|
||||||
|
+ return $?
|
||||||
|
+fi
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
|
|
||||||
index b946022..2daefa2 100644
|
|
||||||
--- a/common/rfb/SSecurityTLS.cxx
|
|
||||||
+++ b/common/rfb/SSecurityTLS.cxx
|
|
||||||
@@ -186,7 +186,7 @@ void SSecurityTLS::setParams(gnutls_session_t session)
|
|
||||||
if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
|
|
||||||
throw AuthFailureException("gnutls_dh_params_init failed");
|
|
||||||
|
|
||||||
- if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
|
|
||||||
+ if (gnutls_dh_params_generate2(dh_params, gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM)) != GNUTLS_E_SUCCESS)
|
|
||||||
throw AuthFailureException("gnutls_dh_params_generate2 failed");
|
|
||||||
|
|
||||||
if (anon) {
|
|
@ -168,7 +168,8 @@ if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
|
|||||||
$displayNumber = $1;
|
$displayNumber = $1;
|
||||||
shift(@ARGV);
|
shift(@ARGV);
|
||||||
if (!&CheckDisplayNumber($displayNumber)) {
|
if (!&CheckDisplayNumber($displayNumber)) {
|
||||||
die "A VNC server is already running as :$displayNumber\n";
|
warn "A VNC server is already running as :$displayNumber\n";
|
||||||
|
$displayNumber = &GetDisplayNumber();
|
||||||
}
|
}
|
||||||
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
|
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
|
||||||
&Usage();
|
&Usage();
|
||||||
@ -194,7 +195,6 @@ $default_opts{auth} = "edString($xauthorityFile);
|
|||||||
$default_opts{geometry} = $geometry if ($geometry);
|
$default_opts{geometry} = $geometry if ($geometry);
|
||||||
$default_opts{depth} = $depth if ($depth);
|
$default_opts{depth} = $depth if ($depth);
|
||||||
$default_opts{pixelformat} = $pixelformat if ($pixelformat);
|
$default_opts{pixelformat} = $pixelformat if ($pixelformat);
|
||||||
$default_opts{rfbwait} = 30000;
|
|
||||||
$default_opts{rfbauth} = "$vncUserDir/passwd";
|
$default_opts{rfbauth} = "$vncUserDir/passwd";
|
||||||
$default_opts{rfbport} = $vncPort;
|
$default_opts{rfbport} = $vncPort;
|
||||||
$default_opts{fp} = $fontPath if ($fontPath);
|
$default_opts{fp} = $fontPath if ($fontPath);
|
||||||
@ -892,6 +892,6 @@ sub SanityCheck
|
|||||||
|
|
||||||
sub NotifyAboutDeprecation
|
sub NotifyAboutDeprecation
|
||||||
{
|
{
|
||||||
warn "\nWARNING: vncserver has been replaced by a systemd unit and is about to be removed in future releases.\n";
|
warn "\nWARNING: vncserver has been replaced by a systemd unit and is now considered deprecated and removed in upstream.\n";
|
||||||
warn "Please read /usr/share/doc/tigervnc/HOWTO.md for more information.\n";
|
warn "Please read /usr/share/doc/tigervnc/HOWTO.md for more information.\n";
|
||||||
}
|
}
|
||||||
|
@ -1,204 +0,0 @@
|
|||||||
.TH vncserver 1 "" "TigerVNC" "Virtual Network Computing"
|
|
||||||
.SH NAME
|
|
||||||
vncserver \- start or stop a VNC server
|
|
||||||
.SH SYNOPSIS
|
|
||||||
.B vncserver
|
|
||||||
.RI [: display# ]
|
|
||||||
.RB [ \-name
|
|
||||||
.IR desktop-name ]
|
|
||||||
.RB [ \-geometry
|
|
||||||
.IR width x height ]
|
|
||||||
.RB [ \-depth
|
|
||||||
.IR depth ]
|
|
||||||
.RB [ \-pixelformat
|
|
||||||
.IR format ]
|
|
||||||
.RB [ \-fp
|
|
||||||
.IR font-path ]
|
|
||||||
.RB [ \-fg ]
|
|
||||||
.RB [ \-autokill ]
|
|
||||||
.RB [ \-noxstartup ]
|
|
||||||
.RB [ \-xstartup
|
|
||||||
.IR script ]
|
|
||||||
.RI [ Xvnc-options... ]
|
|
||||||
.br
|
|
||||||
.BI "vncserver \-kill :" display#
|
|
||||||
.br
|
|
||||||
.BI "vncserver \-list"
|
|
||||||
.SH DESCRIPTION
|
|
||||||
.B vncserver
|
|
||||||
is used to start a VNC (Virtual Network Computing) desktop.
|
|
||||||
.B vncserver
|
|
||||||
is a Perl script which simplifies the process of starting an Xvnc server. It
|
|
||||||
runs Xvnc with appropriate options and starts a window manager on the VNC
|
|
||||||
desktop.
|
|
||||||
|
|
||||||
.B vncserver
|
|
||||||
can be run with no options at all. In this case it will choose the first
|
|
||||||
available display number (usually :1), start Xvnc with that display number,
|
|
||||||
and start the default window manager in the Xvnc session. You can also
|
|
||||||
specify the display number, in which case vncserver will attempt to start
|
|
||||||
Xvnc with that display number and exit if the display number is not
|
|
||||||
available. For example:
|
|
||||||
|
|
||||||
.RS
|
|
||||||
vncserver :13
|
|
||||||
.RE
|
|
||||||
|
|
||||||
Editing the file $HOME/.vnc/xstartup allows you to change the applications run
|
|
||||||
at startup (but note that this will not affect an existing VNC session.)
|
|
||||||
|
|
||||||
.SH OPTIONS
|
|
||||||
You can get a list of options by passing \fB\-h\fP as an option to vncserver.
|
|
||||||
In addition to the options listed below, any unrecognised options will be
|
|
||||||
passed to Xvnc - see the Xvnc man page, or "Xvnc \-help", for details.
|
|
||||||
|
|
||||||
.TP
|
|
||||||
.B \-name \fIdesktop-name\fP
|
|
||||||
Each VNC desktop has a name which may be displayed by the viewer. The desktop
|
|
||||||
name defaults to "\fIhost\fP:\fIdisplay#\fP (\fIusername\fP)", but you can
|
|
||||||
change it with this option. The desktop name option is passed to the xstartup
|
|
||||||
script via the $VNCDESKTOP environment variable, which allows you to run a
|
|
||||||
different set of applications depending on the name of the desktop.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-geometry \fIwidth\fPx\fIheight\fP
|
|
||||||
Specify the size of the VNC desktop to be created. Default is 1024x768.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-depth \fIdepth\fP
|
|
||||||
Specify the pixel depth (in bits) of the VNC desktop to be created. Default is
|
|
||||||
24. Other possible values are 8, 15 and 16 - anything else is likely to cause
|
|
||||||
strange behaviour by applications.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-pixelformat \fIformat\fP
|
|
||||||
Specify pixel format for Xvnc to use (BGRnnn or RGBnnn). The default for
|
|
||||||
depth 8 is BGR233 (meaning the most significant two bits represent blue, the
|
|
||||||
next three green, and the least significant three represent red), the default
|
|
||||||
for depth 16 is RGB565, and the default for depth 24 is RGB888.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-cc 3
|
|
||||||
As an alternative to the default TrueColor visual, this allows you to run an
|
|
||||||
Xvnc server with a PseudoColor visual (i.e. one which uses a color map or
|
|
||||||
palette), which can be useful for running some old X applications which only
|
|
||||||
work on such a display. Values other than 3 (PseudoColor) and 4 (TrueColor)
|
|
||||||
for the \-cc option may result in strange behaviour, and PseudoColor desktops
|
|
||||||
must have an 8-bit depth.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-kill :\fIdisplay#\fP
|
|
||||||
This kills a VNC desktop previously started with vncserver. It does this by
|
|
||||||
killing the Xvnc process, whose process ID is stored in the file
|
|
||||||
"$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid". The
|
|
||||||
.B \-kill
|
|
||||||
option ignores anything preceding the first colon (":") in the display
|
|
||||||
argument. Thus, you can invoke "vncserver \-kill $DISPLAY", for example at the
|
|
||||||
end of your xstartup file after a particular application exits.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-fp \fIfont-path\fP
|
|
||||||
If the vncserver script detects that the X Font Server (XFS) is running, it
|
|
||||||
will attempt to start Xvnc and configure Xvnc to use XFS for font handling.
|
|
||||||
Otherwise, if XFS is not running, the vncserver script will attempt to start
|
|
||||||
Xvnc and allow Xvnc to use its own preferred method of font handling (which may
|
|
||||||
be a hard-coded font path or, on more recent systems, a font catalog.) In
|
|
||||||
any case, if Xvnc fails to start, the vncserver script will then attempt to
|
|
||||||
determine an appropriate X font path for this system and start Xvnc using
|
|
||||||
that font path.
|
|
||||||
|
|
||||||
The
|
|
||||||
.B \-fp
|
|
||||||
argument allows you to override the above fallback logic and specify a font
|
|
||||||
path for Xvnc to use.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-fg
|
|
||||||
Runs Xvnc as a foreground process. This has two effects: (1) The VNC server
|
|
||||||
can be aborted with CTRL-C, and (2) the VNC server will exit as soon as the
|
|
||||||
user logs out of the window manager in the VNC session. This may be necessary
|
|
||||||
when launching TigerVNC from within certain grid computing environments.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-autokill
|
|
||||||
Automatically kill Xvnc whenever the xstartup script exits. In most cases,
|
|
||||||
this has the effect of terminating Xvnc when the user logs out of the window
|
|
||||||
manager.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-noxstartup
|
|
||||||
Do not run the %HOME/.vnc/xstartup script after launching Xvnc. This
|
|
||||||
option allows you to manually start a window manager in your TigerVNC session.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-xstartup \fIscript\fP
|
|
||||||
Run a custom startup script, instead of %HOME/.vnc/xstartup, after launching
|
|
||||||
Xvnc. This is useful to run full-screen applications.
|
|
||||||
.
|
|
||||||
.TP
|
|
||||||
.B \-list
|
|
||||||
Lists all VNC desktops started by vncserver.
|
|
||||||
|
|
||||||
.SH FILES
|
|
||||||
Several VNC-related files are found in the directory $HOME/.vnc:
|
|
||||||
.TP
|
|
||||||
$HOME/.vnc/xstartup
|
|
||||||
A shell script specifying X applications to be run when a VNC desktop is
|
|
||||||
started. If this file does not exist, then vncserver will create a default
|
|
||||||
xstartup script which attempts to launch your chosen window manager.
|
|
||||||
.TP
|
|
||||||
/etc/tigervnc/vncserver-config-defaults
|
|
||||||
The optional system-wide equivalent of $HOME/.vnc/config. If this file exists
|
|
||||||
and defines options to be passed to Xvnc, they will be used as defaults for
|
|
||||||
users. The user's $HOME/.vnc/config overrides settings configured in this file.
|
|
||||||
The overall configuration file load order is: this file, $HOME/.vnc/config,
|
|
||||||
and then /etc/tigervnc/vncserver-config-mandatory. None are required to exist.
|
|
||||||
.TP
|
|
||||||
/etc/tigervnc/vncserver-config-mandatory
|
|
||||||
The optional system-wide equivalent of $HOME/.vnc/config. If this file exists
|
|
||||||
and defines options to be passed to Xvnc, they will override any of the same
|
|
||||||
options defined in a user's $HOME/.vnc/config. This file offers a mechanism
|
|
||||||
to establish some basic form of system-wide policy. WARNING! There is
|
|
||||||
nothing stopping users from constructing their own vncserver-like script
|
|
||||||
that calls Xvnc directly to bypass any options defined in
|
|
||||||
/etc/tigervnc/vncserver-config-mandatory. Likewise, any CLI arguments passed
|
|
||||||
to vncserver will override ANY config file setting of the same name. The
|
|
||||||
overall configuration file load order is:
|
|
||||||
/etc/tigervnc/vncserver-config-defaults, $HOME/.vnc/config, and then this file.
|
|
||||||
None are required to exist.
|
|
||||||
.TP
|
|
||||||
$HOME/.vnc/config
|
|
||||||
An optional server config file wherein options to be passed to Xvnc are listed
|
|
||||||
to avoid hard-coding them to the physical invocation. List options in this file
|
|
||||||
one per line. For those requiring an argument, simply separate the option from
|
|
||||||
the argument with an equal sign, for example: "geometry=2000x1200" or
|
|
||||||
"securitytypes=vncauth,tlsvnc". Options without an argument are simply listed
|
|
||||||
as a single word, for example: "localhost" or "alwaysshared".
|
|
||||||
.TP
|
|
||||||
$HOME/.vnc/passwd
|
|
||||||
The VNC password file.
|
|
||||||
.TP
|
|
||||||
$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.log
|
|
||||||
The log file for Xvnc and applications started in xstartup.
|
|
||||||
.TP
|
|
||||||
$HOME/.vnc/\fIhost\fP:\fIdisplay#\fP.pid
|
|
||||||
Identifies the Xvnc process ID, used by the
|
|
||||||
.B \-kill
|
|
||||||
option.
|
|
||||||
|
|
||||||
.SH SEE ALSO
|
|
||||||
.BR vncviewer (1),
|
|
||||||
.BR vncpasswd (1),
|
|
||||||
.BR vncconfig (1),
|
|
||||||
.BR Xvnc (1)
|
|
||||||
.br
|
|
||||||
https://www.tigervnc.org
|
|
||||||
|
|
||||||
.SH AUTHOR
|
|
||||||
Tristan Richardson, RealVNC Ltd., D. R. Commander and others.
|
|
||||||
|
|
||||||
VNC was originally developed by the RealVNC team while at Olivetti
|
|
||||||
Research Ltd / AT&T Laboratories Cambridge. TightVNC additions were
|
|
||||||
implemented by Constantin Kaplinsky. Many other people have since
|
|
||||||
participated in development, testing and support. This manual is part
|
|
||||||
of the TigerVNC software suite.
|
|
@ -4,8 +4,8 @@
|
|||||||
%global modulename vncsession
|
%global modulename vncsession
|
||||||
|
|
||||||
Name: tigervnc
|
Name: tigervnc
|
||||||
Version: 1.11.0
|
Version: 1.12.0
|
||||||
Release: 10%{?dist}
|
Release: 4%{?dist}
|
||||||
Summary: A TigerVNC remote display system
|
Summary: A TigerVNC remote display system
|
||||||
|
|
||||||
%global _hardened_build 1
|
%global _hardened_build 1
|
||||||
@ -17,28 +17,17 @@ Source0: %{name}-%{version}.tar.gz
|
|||||||
Source1: xvnc.service
|
Source1: xvnc.service
|
||||||
Source2: xvnc.socket
|
Source2: xvnc.socket
|
||||||
Source3: 10-libvnc.conf
|
Source3: 10-libvnc.conf
|
||||||
Source4: HOWTO.md
|
|
||||||
|
|
||||||
# Backwards compatibility
|
# Backwards compatibility
|
||||||
Source5: vncserver
|
Source5: vncserver
|
||||||
Source6: vncserver.man
|
|
||||||
|
|
||||||
Patch2: tigervnc-getmaster.patch
|
Patch1: tigervnc-use-gnome-as-default-session.patch
|
||||||
Patch5: tigervnc-cursor.patch
|
|
||||||
Patch6: tigervnc-1.3.1-CVE-2014-8240.patch
|
|
||||||
Patch8: tigervnc-let-user-know-about-not-using-view-only-password.patch
|
|
||||||
Patch9: tigervnc-working-tls-on-fips-systems.patch
|
|
||||||
Patch11: tigervnc-utilize-system-crypto-policies.patch
|
|
||||||
Patch12: tigervnc-passwd-crash-with-malloc-checks.patch
|
|
||||||
Patch13: tigervnc-use-gnome-as-default-session.patch
|
|
||||||
|
|
||||||
# Upstream patches
|
# Upstream patches
|
||||||
Patch50: tigervnc-tolerate-specifying-boolparam.patch
|
Patch50: tigervnc-selinux-restore-context-in-case-of-different-policies.patch
|
||||||
Patch51: tigervnc-systemd-service.patch
|
Patch51: tigervnc-fix-typo-in-mirror-monitor-detection.patch
|
||||||
Patch52: tigervnc-correctly-start-vncsession-as-daemon.patch
|
Patch52: tigervnc-root-user-selinux-context.patch
|
||||||
Patch53: tigervnc-selinux-missing-compression-and-correct-location.patch
|
Patch53: tigervnc-vncsession-restore-script-systemd-service.patch
|
||||||
Patch54: tigervnc-selinux-policy-improvements.patch
|
|
||||||
Patch55: tigervnc-argb-runtime-ximage-byteorder-selection.patch
|
|
||||||
|
|
||||||
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
|
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
|
||||||
Patch100: tigervnc-xserver120.patch
|
Patch100: tigervnc-xserver120.patch
|
||||||
@ -54,7 +43,8 @@ BuildRequires: mesa-libGL-devel, libXinerama-devel, xorg-x11-font-utils
|
|||||||
BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel
|
BuildRequires: freetype-devel, libXdmcp-devel, libxshmfence-devel
|
||||||
BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel
|
BuildRequires: libjpeg-turbo-devel, gnutls-devel, pam-devel
|
||||||
BuildRequires: libdrm-devel, libXt-devel, pixman-devel
|
BuildRequires: libdrm-devel, libXt-devel, pixman-devel
|
||||||
BuildRequires: systemd, cmake, desktop-file-utils, selinux-policy-devel
|
BuildRequires: systemd, cmake, desktop-file-utils
|
||||||
|
BuildRequires: libselinux-devel, selinux-policy-devel
|
||||||
%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
|
%if 0%{?fedora} > 24 || 0%{?rhel} >= 7
|
||||||
BuildRequires: libXfont2-devel
|
BuildRequires: libXfont2-devel
|
||||||
%else
|
%else
|
||||||
@ -144,6 +134,10 @@ BuildRequires: selinux-policy-devel
|
|||||||
Requires: selinux-policy-%{selinuxtype}
|
Requires: selinux-policy-%{selinuxtype}
|
||||||
Requires(post): selinux-policy-%{selinuxtype}
|
Requires(post): selinux-policy-%{selinuxtype}
|
||||||
BuildRequires: selinux-policy-devel
|
BuildRequires: selinux-policy-devel
|
||||||
|
# Required for matchpathcon
|
||||||
|
Requires: libselinux-utils
|
||||||
|
# Required for restorecon
|
||||||
|
Requires: policycoreutils
|
||||||
%{?selinux_requires}
|
%{?selinux_requires}
|
||||||
|
|
||||||
%description selinux
|
%description selinux
|
||||||
@ -162,35 +156,13 @@ done
|
|||||||
%patch101 -p1 -b .rpath
|
%patch101 -p1 -b .rpath
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# libvnc.so: don't use unexported GetMaster function (bug #744881 again).
|
%patch1 -p1 -b .use-gnome-as-default-session
|
||||||
%patch2 -p1 -b .getmaster
|
|
||||||
|
|
||||||
# Fixed viewer crash when cursor has not been set (bug #1051333).
|
|
||||||
%patch5 -p1 -b .cursor
|
|
||||||
|
|
||||||
# CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based
|
|
||||||
# buffer overflow in screen size handling
|
|
||||||
%patch6 -p1 -b .tigervnc-1.3.1-CVE-2014-8240
|
|
||||||
|
|
||||||
# Bug 1447555 - view-only accepts enter, unclear whether default password is generated or not
|
|
||||||
%patch8 -p1 -b .let-user-know-about-not-using-view-only-password
|
|
||||||
|
|
||||||
# Bug 1492107 - VNC cannot be used when FIPS is enabled because DH_BITS is too low
|
|
||||||
%patch9 -p1 -b .working-tls-on-fips-systems
|
|
||||||
|
|
||||||
# Utilize system-wide crypto policies
|
|
||||||
%patch11 -p1 -b .utilize-system-crypto-policies.patch
|
|
||||||
|
|
||||||
%patch12 -p1 -b .passwd-crash-with-malloc-checks
|
|
||||||
%patch13 -p1 -b .use-gnome-as-default-session
|
|
||||||
|
|
||||||
# Upstream patches
|
# Upstream patches
|
||||||
%patch50 -p1 -b .tolerate-specifying-boolparam
|
%patch50 -p1 -b .selinux-restore-context-in-case-of-different-policies
|
||||||
%patch51 -p1 -b .systemd-service
|
%patch51 -p1 -b .fix-typo-in-mirror-monitor-detection
|
||||||
%patch52 -p1 -b .correctly-start-vncsession-as-daemon
|
%patch52 -p1 -b .root-user-selinux-context
|
||||||
%patch53 -p1 -b .selinux-missing-compression-and-correct-location
|
%patch53 -p1 -b .vncsession-restore-script-systemd-service
|
||||||
%patch54 -p1 -b .selinux-policy-improvements
|
|
||||||
%patch55 -p1 -b .argb-runtime-ximage-byteorder-selection
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%ifarch sparcv9 sparc64 s390 s390x
|
%ifarch sparcv9 sparc64 s390 s390x
|
||||||
@ -261,10 +233,7 @@ install -m644 tigervnc_$s.png %{buildroot}%{_datadir}/icons/hicolor/${s}x$s/apps
|
|||||||
done
|
done
|
||||||
popd
|
popd
|
||||||
|
|
||||||
rm -f %{buildroot}/%{_mandir}/man8/vncserver.8
|
|
||||||
|
|
||||||
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
|
install -m 755 %{SOURCE5} %{buildroot}/%{_bindir}/vncserver
|
||||||
install -m 644 %{SOURCE6} %{buildroot}/%{_mandir}/man8/vncserver.8
|
|
||||||
|
|
||||||
%find_lang %{name} %{name}.lang
|
%find_lang %{name} %{name}.lang
|
||||||
|
|
||||||
@ -274,8 +243,6 @@ rm -f %{buildroot}%{_libdir}/xorg/modules/extensions/libvnc.la
|
|||||||
mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
|
mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/
|
||||||
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
|
install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/10-libvnc.conf
|
||||||
|
|
||||||
install -m 644 %{SOURCE4} %{buildroot}/%{_docdir}/tigervnc/HOWTO.md
|
|
||||||
|
|
||||||
%post server
|
%post server
|
||||||
%systemd_post xvnc.service
|
%systemd_post xvnc.service
|
||||||
%systemd_post xvnc.socket
|
%systemd_post xvnc.socket
|
||||||
@ -321,6 +288,7 @@ fi
|
|||||||
%{_sbindir}/vncsession
|
%{_sbindir}/vncsession
|
||||||
%{_libexecdir}/vncserver
|
%{_libexecdir}/vncserver
|
||||||
%{_libexecdir}/vncsession-start
|
%{_libexecdir}/vncsession-start
|
||||||
|
%{_libexecdir}/vncsession-restore
|
||||||
%{_mandir}/man1/x0vncserver.1*
|
%{_mandir}/man1/x0vncserver.1*
|
||||||
%{_mandir}/man8/vncserver.8*
|
%{_mandir}/man8/vncserver.8*
|
||||||
%{_mandir}/man8/vncsession.8*
|
%{_mandir}/man8/vncsession.8*
|
||||||
@ -349,9 +317,22 @@ fi
|
|||||||
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
|
* Tue Feb 08 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-4
|
||||||
- Fix endianness issue
|
- Added vncsession-restore script for SELinux policy migration
|
||||||
Resolves: bz#2022475
|
Fix SELinux context for root user
|
||||||
|
Resolves: bz#2021892
|
||||||
|
|
||||||
|
* Fri Jan 21 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-3
|
||||||
|
- Fix crash in vncviewer
|
||||||
|
Resolves: bz#2021892
|
||||||
|
|
||||||
|
* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-2
|
||||||
|
- Remove unavailable option from vncserver script
|
||||||
|
Resolves: bz#2021892
|
||||||
|
|
||||||
|
* Fri Jan 14 2022 Jan Grulich <jgrulich@redhat.com> - 1.12.0-1
|
||||||
|
- 1.12.0
|
||||||
|
Resolves: bz#2021892
|
||||||
|
|
||||||
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
|
* Mon Jul 19 2021 Jan Grulich <jgrulich@redhat.com> - 1.11.0-9
|
||||||
- Fix logout from VNC session using vncserver
|
- Fix logout from VNC session using vncserver
|
||||||
|
Loading…
Reference in New Issue
Block a user