Nicolas Iooss <nicolas.iooss@xxxxxxx> writes:
Hello,
Currently, gui/Makefile installs three .desktop files:
* /usr/share/system-config-selinux/selinux-polgengui.desktop (with "Exec=/usr/bin/selinux-polgengui")
* /usr/share/system-config-selinux/sepolicy.desktop (with "Exec=/usr/bin/sepolicy gui")
* /usr/share/system-config-selinux/system-config-selinux.desktop (with Exec=/usr/bin/system-config-selinux)
There are several issues about them:
* The first one does not work because "make install" does not create /usr/bin/selinux-polgengui. It creates /usr/share/system-config-selinux/polgengui.py instead.
* The first two do not work on Arch Linux because the commands they use need to be run as root in order to load.
* None of them are seen by GNOME or XFCE, which look for .desktop files in /usr/share/applications/. This has been reported for Arch Linux on https://github.com/archlinuxhardened/selinux/issues/20.
Are these files used by other distributions? Would it break things if these files are moved to /usr/share/applications/

This is from Fedora policycoreutils.spec:
---
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
    %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
    %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
desktop-file-install --dir %{buildroot}%{_datadir}/applications \
    %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
---
It's been like that for more than 6 years already.
Given that it addresses almost all the described problems, I can say that your proposed changes won't break anything in Fedora.

and if pkexec is introduced in order to run commands as root (i.e. selinux-polgengui.desktop is changed to "Exec=/usr/bin/pkexec /usr/share/system-config-selinux/polgengui.py" and sepolicy.desktop to "Exec=/usr/bin/pkexec /usr/bin/sepolicy gui")?

/usr/share/system-config-selinux/polgengui.py works without root on Fedora.
sepolicy gui asks for privileges on "Action: org.selinux.customized" which is decorated by @slip.dbus.polkit.require_auth so I'm not sure if pkexec is really needed.
Nicolas
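
Added example, not part of the thread or of the SELinux userspace code: a staging-tree check for two of the problems listed above (Exec target not installed, .desktop file outside /usr/share/applications), run on a constructed tree before and after the Fedora spec steps. The function names, the findings text, the minimal .desktop content and the assumption that Exec uses absolute paths are this example's own.

```python
import configparser
import os
import shlex
import tempfile

MENU_DIR = "usr/share/applications"  # where GNOME and XFCE look, per the thread

def audit_desktop_file(path, root):
    """Return findings for one .desktop file inside the staging tree `root`."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # .desktop keys are case-sensitive
    parser.read(path, encoding="utf-8")
    exec_line = parser.get("Desktop Entry", "Exec", fallback="")
    argv = [a for a in shlex.split(exec_line) if not a.startswith("%")]
    if not argv:
        return ["no Exec key"]
    # With a pkexec wrapper, the program that must exist is the next argument.
    wrapped = os.path.basename(argv[0]) == "pkexec" and len(argv) > 1
    target = argv[1] if wrapped else argv[0]
    findings = []
    # lexists: an absolute symlink in a buildroot dangles until it is installed.
    if not os.path.lexists(os.path.join(root, target.lstrip("/"))):
        findings.append("Exec target missing: " + target)
    if os.path.relpath(os.path.dirname(path), root) != MENU_DIR:
        findings.append("not in /" + MENU_DIR)
    return findings

def demo():
    """Constructed tree: state after 'make install', then after the Fedora spec steps."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "usr/share/system-config-selinux")
        os.makedirs(share)
        open(os.path.join(share, "polgengui.py"), "w").close()
        desktop = os.path.join(share, "selinux-polgengui.desktop")
        with open(desktop, "w", encoding="utf-8") as f:
            f.write("[Desktop Entry]\nType=Application\n"
                    "Exec=/usr/bin/selinux-polgengui\n")
        before = audit_desktop_file(desktop, root)
        os.makedirs(os.path.join(root, "usr/bin"))
        os.symlink("/usr/share/system-config-selinux/polgengui.py",
                   os.path.join(root, "usr/bin/selinux-polgengui"))
        os.makedirs(os.path.join(root, MENU_DIR))
        moved = os.path.join(root, MENU_DIR, "selinux-polgengui.desktop")
        os.rename(desktop, moved)
        after = audit_desktop_file(moved, root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

The check is static, so it cannot tell whether a command needs root to load; it only follows a pkexec wrapper to the program that must be present.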