diff --git a/linux/limitedadmins b/linux/limitedadmins index 2b8e588..be03132 100644 --- a/linux/limitedadmins +++ b/linux/limitedadmins @@ -11,3 +11,4 @@ Defaults!/etc/init.d/kinto setenv,env_reset,env_delete+=PATH,env_delete+=LD_PREL %{username} ALL=NOPASSWD: {pkill} -f bin/xkeysnail %{username} ALL=NOPASSWD: {xkeysnail} * %{username} ALL=NOPASSWD: {systemctl} is-active --quiet xkeysnail +%{username} ALL=NOPASSWD: /usr/lib/systemd/system/xkeysnail.service diff --git a/linux/xkeysnail.service b/linux/xkeysnail.service index a05919d..28c1604 100755 --- a/linux/xkeysnail.service +++ b/linux/xkeysnail.service @@ -4,8 +4,8 @@ Description=xkeysnail [Service] Type=simple KillMode=process -ExecStart=/usr/bin/sudo /bin/bash -c '/usr/bin/xhost +SI:localuser:root && {homedir}/.config/kinto/killdups.sh && {xkeysnail} --quiet --watch {homedir}/.config/kinto/kinto.py' -ExecStop=/usr/bin/sudo /bin/bash -c '/usr/bin/sudo pkill -f bin/xkeysnail && exit 0' +ExecStart={sudo}/bin/bash -c '/usr/bin/xhost +SI:localuser:root && {homedir}/.config/kinto/killdups.sh && {xkeysnail} --quiet --watch {homedir}/.config/kinto/kinto.py' +ExecStop={sudo}/bin/bash -c '{sudo}pkill -f bin/xkeysnail && exit 0' Restart=on-failure RestartSec=3 Environment=DISPLAY={displayid} diff --git a/xkeysnail_service.sh b/xkeysnail_service.sh index bbfe5eb..a3330fa 100755 --- a/xkeysnail_service.sh +++ b/xkeysnail_service.sh @@ -329,25 +329,6 @@ if [[ $distro == 'kdeneon' ]]; then fi if [[ $distro == 'fedora' ]]; then - echo "Checking SELinux status..." - if [[ $(perl -ne 'print if /^SELINUX=enforcing/' /etc/selinux/config | wc -l) != 0 ]]; then - while true; do - read -rep $'\nWould you like to update your SELinux state from enforcing to permissive? (y/n)\n' yn - case $yn in - [Yy]* ) setSE='yes'; break;; - [Nn]* ) exp='no'; expsh=" " break;; - # * ) echo "Please answer yes or no.";; - esac - done - - if [[ $yn == "yes" ]]; then - sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config - echo "/etc/selinux/config has been updated. Please reboot your computer before continuing." - exit 0 - fi - else - echo "SELinux state should be ok for Kinto to install" - fi if [[ $(gsettings get org.gnome.desktop.wm.keybindings show-desktop | grep "\[\]" | wc -l) == 1 ]];then gsettings set org.gnome.desktop.wm.keybindings show-desktop "['d']" else @@ -520,6 +501,11 @@ fi if [[ $distro == "fedora" ]]; then perl -pi -e "\s{4}(# )(K.*)(# SL - .*fedora.*)/ \$2\$3/g" ./linux/kinto.py.new >/dev/null 2>&1 + sed -i "s#{sudo}##g" ./linux/xkeysnail.service.new + selinuxuser=system_u + selinuxtype=systemd_unit_file_t +else + sed -i "s#{sudo}#`\\which sudo` #g" ./linux/xkeysnail.service.new fi if [[ $distro == "elementaryos" ]]; then @@ -590,6 +576,10 @@ if ! [[ $1 == "5" || $1 == "uninstall" || $1 == "Uninstall" ]]; then exit 0 fi sed -i "s#{xkeysnail}#`which xkeysnail`#g" ./linux/limitedadmins.new + if [[ $distro == "fedora" ]]; then + echo "Changing SELinux context" + sudo chcon -v --user=$selinuxuser --type=$selinuxtype "$xkeypath"xkeysnail.service + fi sudo chown root:root ./linux/limitedadmins.new # Add a check here for xkeysnail path resolving sudo mv ./linux/limitedadmins.new /etc/sudoers.d/limitedadmins @@ -598,10 +588,19 @@ if ! [[ $1 == "5" || $1 == "uninstall" || $1 == "Uninstall" ]]; then sed -i "s#{xkeysnail}#`which xkeysnail`#g" ./linux/xkeysnail.service.new sudo mv ./linux/xkeysnail.service.new "$xkeypath"xkeysnail.service && echo "Service file added to "$xkeypath"xkeysnail.service" - sudo chown -R root:root "$xkeypath"xkeysnail.service && echo "Ownership set for root..." || echo "Failed to set ownership..." - sudo chmod 644 "$xkeypath"xkeysnail.service && echo "Permissions set to 644..." || echo "Failed to set permissions..." - sudo ln -s "$xkeypath"xkeysnail.service /etc/systemd/system/xkeysnail.service && echo "Created soft symlink..." || echo "Failed to create soft symlink..." - sudo ln -s "$xkeypath"xkeysnail.service /etc/systemd/system/graphical.target.wants/xkeysnail.service && echo "Created soft symlink for graphical target..." || echo "Failed to create soft symlink for graphical target..." + if [[ $distro == "fedora" ]]; then + sudo cp "$xkeypath"xkeysnail.service /etc/systemd/system/xkeysnail.service && echo "Copied service file to system..." || echo "Failed to create copy..." + sudo cp "$xkeypath"xkeysnail.service /etc/systemd/system/graphical.target.wants/xkeysnail.service && echo "Copied service file to system for graphical target..." || echo "Failed to create copy for graphical target..." + sudo chown -R root:root /etc/systemd/system/xkeysnail.service && echo "Ownership set for root..." || echo "Failed to set ownership..." + sudo chown -R root:root /etc/systemd/system/graphical.target.wants/xkeysnail.service && echo "Ownership set for root..." || echo "Failed to set ownership..." + sudo chmod 644 /etc/systemd/system/xkeysnail.service && echo "Permissions set to 644..." || echo "Failed to set permissions..." + sudo chmod 644 /etc/systemd/system/graphical.target.wants/xkeysnail.service && echo "Permissions set to 644..." || echo "Failed to set permissions..." + else + sudo chown -R root:root "$xkeypath"xkeysnail.service && echo "Ownership set for root..." || echo "Failed to set ownership..." + sudo chmod 644 "$xkeypath"xkeysnail.service && echo "Permissions set to 644..." || echo "Failed to set permissions..." + sudo ln -s "$xkeypath"xkeysnail.service /etc/systemd/system/xkeysnail.service && echo "Created soft symlink..." || echo "Failed to create soft symlink..." + sudo ln -s "$xkeypath"xkeysnail.service /etc/systemd/system/graphical.target.wants/xkeysnail.service && echo "Created soft symlink for graphical target..." || echo "Failed to create soft symlink for graphical target..." + fi sudo systemctl daemon-reload sudo systemctl disable xkeysnail sudo systemctl stop xkeysnail