From 76687af8e8abfc8ef85708494728b15f5e1493b0 Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Fri, 9 Nov 2012 21:53:05 +0100 Subject: more and more faking freerdp --- Makefile.am | 6 ++-- freerdp-session.in | 9 +++++ freerdp.desktop.in | 8 +++++ lightdm-remote-session-freerdp.in | 71 +++++++++++++++++++++++++++++++++++++++ lightdm-remote-session-x2go.in | 71 --------------------------------------- lightdm-remote-x2go | 7 ---- x2go-session.in | 9 ----- x2go.desktop.in | 8 ----- 8 files changed, 91 insertions(+), 98 deletions(-) create mode 100755 freerdp-session.in create mode 100644 freerdp.desktop.in create mode 100644 lightdm-remote-session-freerdp.in delete mode 100644 lightdm-remote-session-x2go.in delete mode 100644 lightdm-remote-x2go delete mode 100755 x2go-session.in delete mode 100644 x2go.desktop.in diff --git a/Makefile.am b/Makefile.am index ab1ae86..062d0f1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -45,9 +45,9 @@ x2go_session_wrapper_CFLAGS = \ EXTRA_DIST = \ $(pam_session_DATA) \ - x2go.desktop.in \ - x2go-session.in \ - lightdm-remote-session-x2go.in + freerdp.desktop.in \ + freerdp-session.in \ + lightdm-remote-session-freerdp.in CLEANFILES = \ x2go.desktop \ diff --git a/freerdp-session.in b/freerdp-session.in new file mode 100755 index 0000000..e95786f --- /dev/null +++ b/freerdp-session.in @@ -0,0 +1,9 @@ +#!/bin/bash + +if [ -e ~/.x2go-socket ]; then + @libexecdir@/socket-sucker | /usr/bin/pyhoca-cli --from-stdin +else + zenity --warning --text="Unable to locate X2GoSession/PyHoca socket" +fi; + +rm -f ~/.x2go-socket diff --git a/freerdp.desktop.in b/freerdp.desktop.in new file mode 100644 index 0000000..f976b14 --- /dev/null +++ b/freerdp.desktop.in @@ -0,0 +1,8 @@ +[Desktop Entry] +Name=FreeRDP +Comment=Full Screen X2Go Session +Exec=@libexecdir@/x2go-session-wrapper +TryExec=@libexecdir@/x2go-session-wrapper +Icon= +Type=Application +X-LightDM-PAM-Service=lightdm-remote-freerdp diff --git a/lightdm-remote-session-freerdp.in b/lightdm-remote-session-freerdp.in new file mode 100644 index 0000000..9709a92 --- /dev/null +++ b/lightdm-remote-session-freerdp.in @@ -0,0 +1,71 @@ +# vim:syntax=apparmor +# Profile for restricting lightdm remote session for X2Go +# Based on the Guest Account Apparmor script from: +# Author: Martin Pitt + +#include + +@libexecdir@/x2go-session-wrapper { + #include + #include + #include + /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678 + + / r, + /bin/ rmix, + /bin/fusermount Px, + /bin/** rmix, + /cdrom/ rmix, + /cdrom/** rmix, + /dev/ r, + /dev/** rmw, # audio devices etc. + owner /dev/shm/** rmw, + /etc/ r, + /etc/** rmk, + /etc/gdm/Xsession ix, + /lib/ r, + /lib/** rmixk, + /lib32/ r, + /lib32/** rmixk, + /lib64/ r, + /lib64/** rmixk, + owner /media/ r, + owner /media/** rmwlixk, # we want access to USB sticks and the like + /opt/ r, + /opt/** rmixk, + @{PROC}/ r, + @{PROC}/* rm, + @{PROC}/asound rm, + @{PROC}/asound/** rm, + @{PROC}/ati rm, + @{PROC}/ati/** rm, + owner @{PROC}/** rm, + # needed for gnome-keyring-daemon + @{PROC}/*/status r, + /sbin/ r, + /sbin/** rmixk, + /sys/ r, + /sys/** rm, + /tmp/ rw, + owner /tmp/** rwlkmix, + /usr/ r, + /usr/** rmixk, + /var/ r, + /var/** rmixk, + /var/guest-data/** rw, # allow to store files permanently + /var/tmp/ rw, + owner /var/tmp/** rwlkm, + /{,var/}run/ r, + # necessary for writing to sockets, etc. + /{,var/}run/** rmkix, + /{,var/}run/shm/** wl, + + capability ipc_lock, + + # silence warnings for stuff that we really don't want to grant + deny capability dac_override, + deny capability dac_read_search, + #deny /etc/** w, # re-enable once LP#697678 is fixed + deny /usr/** w, + deny /var/crash/ w, +} diff --git a/lightdm-remote-session-x2go.in b/lightdm-remote-session-x2go.in deleted file mode 100644 index 9709a92..0000000 --- a/lightdm-remote-session-x2go.in +++ /dev/null @@ -1,71 +0,0 @@ -# vim:syntax=apparmor -# Profile for restricting lightdm remote session for X2Go -# Based on the Guest Account Apparmor script from: -# Author: Martin Pitt - -#include - -@libexecdir@/x2go-session-wrapper { - #include - #include - #include - /etc/compizconfig/config rw, # bug in compiz https://launchpad.net/bugs/697678 - - / r, - /bin/ rmix, - /bin/fusermount Px, - /bin/** rmix, - /cdrom/ rmix, - /cdrom/** rmix, - /dev/ r, - /dev/** rmw, # audio devices etc. - owner /dev/shm/** rmw, - /etc/ r, - /etc/** rmk, - /etc/gdm/Xsession ix, - /lib/ r, - /lib/** rmixk, - /lib32/ r, - /lib32/** rmixk, - /lib64/ r, - /lib64/** rmixk, - owner /media/ r, - owner /media/** rmwlixk, # we want access to USB sticks and the like - /opt/ r, - /opt/** rmixk, - @{PROC}/ r, - @{PROC}/* rm, - @{PROC}/asound rm, - @{PROC}/asound/** rm, - @{PROC}/ati rm, - @{PROC}/ati/** rm, - owner @{PROC}/** rm, - # needed for gnome-keyring-daemon - @{PROC}/*/status r, - /sbin/ r, - /sbin/** rmixk, - /sys/ r, - /sys/** rm, - /tmp/ rw, - owner /tmp/** rwlkmix, - /usr/ r, - /usr/** rmixk, - /var/ r, - /var/** rmixk, - /var/guest-data/** rw, # allow to store files permanently - /var/tmp/ rw, - owner /var/tmp/** rwlkm, - /{,var/}run/ r, - # necessary for writing to sockets, etc. - /{,var/}run/** rmkix, - /{,var/}run/shm/** wl, - - capability ipc_lock, - - # silence warnings for stuff that we really don't want to grant - deny capability dac_override, - deny capability dac_read_search, - #deny /etc/** w, # re-enable once LP#697678 is fixed - deny /usr/** w, - deny /var/crash/ w, -} diff --git a/lightdm-remote-x2go b/lightdm-remote-x2go deleted file mode 100644 index 86c3206..0000000 --- a/lightdm-remote-x2go +++ /dev/null @@ -1,7 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth required pam_env.so readenv=1 -auth required pam_env.so readenv=1 envfile=/etc/default/locale -auth required pam_x2go.so -session required pam_limits.so -session required pam_x2go.so diff --git a/x2go-session.in b/x2go-session.in deleted file mode 100755 index ed59988..0000000 --- a/x2go-session.in +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -if [ -e ~/.x2go-socket ]; then - @pkglibexecdir@/socket-sucker | /usr/bin/pyhoca-cli --from-stdin -else - zenity --warning --text="Unable to locate X2GoSession/PyHoca socket" -fi; - -rm -f ~/.x2go-socket diff --git a/x2go.desktop.in b/x2go.desktop.in deleted file mode 100644 index f73154e..0000000 --- a/x2go.desktop.in +++ /dev/null @@ -1,8 +0,0 @@ -[Desktop Entry] -Name=X2Go -Comment=Full Screen X2Go Session -Exec=@libexecdir@/x2go-session-wrapper -TryExec=@libexecdir@/x2go-session-wrapper -Icon= -Type=Application -X-LightDM-PAM-Service=lightdm-remote-freerdp -- cgit v1.2.3