* Start authentication when scrolling through GTK greeter entries
* Link liblightdm-qt against QtGui
* Fix liblightdm-qt crashing when face images are installed
+ * Introduce a lightdm-guest-session-wrapper session command which MAC
+ systems like AppArmor and SELinux can use for attaching a restrictive
+ policy to guest sessions.
Overview of changes in lightdm 1.0.0
lightdm_CFLAGS = \
$(LIGHTDM_CFLAGS) \
$(WARN_CFLAGS) \
+ -DLIBEXEC_DIR=\"$(libexecdir)\" \
-DPKGLIBEXEC_DIR=\"$(pkglibexecdir)\" \
-DSBIN_DIR=\"$(sbindir)\" \
-DCONFIG_DIR=\"$(sysconfdir)/lightdm\" \
$(LIGHTDM_LIBS) \
-lpam
+libexec_PROGRAMS = lightdm-guest-session-wrapper
+
+lightdm_guest_session_wrapper_SOURCES = lightdm-guest-session-wrapper.c
+
+lightdm_guest_session_wrapper_CFLAGS = \
+ $(LIGHTDM_CFLAGS) \
+ $(WARN_CFLAGS)
+
EXTRA_DIST = ldm-marshal.list \
display-manager.xml
}
}
+ /* for a guest session, run command through the wrapper covered by MAC */
+ if (display->priv->autologin_guest)
+ {
+ gchar *t = command;
+ command = g_strdup_printf (LIBEXEC_DIR "/lightdm-guest-session-wrapper %s", command);
+ g_debug("Guest session, running session command through wrapper: %s", command);
+ g_free (t);
+ }
+
g_signal_emit (display, signals[CREATE_SESSION], 0, &session);
g_return_val_if_fail (session != NULL, NULL);
--- /dev/null
+/* -*- Mode: C; indent-tabs-mode: nil; tab-width: 4 -*-
+ *
+ * Copyright (C) 2011 Canonical Ltd.
+ * Author: Martin Pitt <martin.pitt@ubuntu.com>
+ *
+ * This program is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later
+ * version. See http://www.gnu.org/copyleft/gpl.html the full text of the
+ * license.
+ */
+
+/* This is a simple wrapper which just re-execve()'s the program given as its
+ * arguments. This allows MAC systems like AppArmor or SELinux to apply a
+ * policy on this wrapper which applies to guest sessions only. */
+
+#include <unistd.h>
+
+int
+main (int argc, char *argv[], char *envp[])
+{
+ if (argc < 2)
+ return 1;
+ execve (argv[1], argv+1, envp);
+}