diff options
| author | muradm <mail@muradm.net> | 2023-05-22 22:06:51 +0300 |
|---|---|---|
| committer | Josselin Poiret <dev@jpoiret.xyz> | 2023-06-04 10:33:55 +0200 |
| commit | f4f5ee6ad6e2432f52e37c549211df8f1cdbb571 (patch) | |
| tree | baf0dbfeb3ec16e4001ad8001dc190ebd42b0e0d /gnu/services/desktop.scm | |
| parent | 65bce4d9f9302bc798717d73548bbe5ceb802151 (diff) | |
| download | guix-patches-f4f5ee6ad6e2432f52e37c549211df8f1cdbb571.tar guix-patches-f4f5ee6ad6e2432f52e37c549211df8f1cdbb571.tar.gz | |
services: screen-locker-service-type: Configurable PAM and setuid.
screen-locker-service-type by default does both define PAM entry
and make program setuid binary. Normally both methods are
mutually exclusive, if binary has setuid set it does not really
needs PAM, otherway around also similar, if PAM is enabled
binary should not relay on setuid.
Recent swaylock package now compiled with PAM support. When PAM
support is compiled in, swaylock rejects executing if binary is
also setuid program.
This change turns screen-locker-configuration from strict
PAM AND setuid to more flexible PAM AND/OR setuid. Allowing
swaylock to be configured properly while supporting other
screen locker preferences.
* gnu/services/xorg.scm (screen-locker-configuration): Switch from
define-record-type to define-configuration.
[using-pam?]: New field to control PAM entry existence.
[using-setuid?]: New field to control setuid binary existence.
(screen-locker-pam-services): Should not make unix-pam-service if
using-pam? is set to #f.
(screen-locker-setuid-programs): Should not make program setuid
program if using-setuid? is set to #f.
(screen-locker-generate-doc): Internal function to generate
configuration documentation.
(screen-locker-service): Adapt to new screen-locker-configuration.
* gnu/services/desktop.scm (desktop-services-for-system): Adapt to
new screen-locker-configuration.
* doc/guix.texi: Reflect new changes to screen-locker-configuration.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
Diffstat (limited to 'gnu/services/desktop.scm')
| -rw-r--r-- | gnu/services/desktop.scm | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 64eac1117d..a63748b652 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -1839,10 +1839,12 @@ applications needing access to be root.") ;; Screen lockers are a pretty useful thing and these are small. (service screen-locker-service-type (screen-locker-configuration - "slock" (file-append slock "/bin/slock") #f)) + (name "slock") + (program (file-append slock "/bin/slock")))) (service screen-locker-service-type (screen-locker-configuration - "xlock" (file-append xlockmore "/bin/xlock") #f)) + (name "xlock") + (program (file-append xlockmore "/bin/xlock")))) ;; Add udev rules for MTP devices so that non-root users can access ;; them. |