From a7b8122df9e727835cf5171baf2f4cff3128b64e Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Thu, 30 May 2024 23:42:53 +0200 Subject: [PATCH 1/2] Export dbus address for the notification server Only screenshare script requires as of today, but put it in webcam also for future proof as it doesn't cause any harm. Assigning variable and declaration made separate due to ShellCheck warning SC2155. For: https://github.com/QubesOS/qubes-issues/issues/6426 Fixes: https://github.com/QubesOS/qubes-issues/issues/8457 Fixes: https://github.com/QubesOS/qubes-video-companion/issues/15 --- qubes-rpc/services/qvc.ScreenShare | 6 ++++-- qubes-rpc/services/qvc.Webcam | 8 +++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/qubes-rpc/services/qvc.ScreenShare b/qubes-rpc/services/qvc.ScreenShare index 6878f05..b67aa42 100755 --- a/qubes-rpc/services/qvc.ScreenShare +++ b/qubes-rpc/services/qvc.ScreenShare @@ -1,7 +1,9 @@ #!/bin/sh -- - # Copyright (C) 2021 Elliot Killick # Copyright (C) 2021 Demi Marie Obenour # Licensed under the MIT License. See LICENSE file for details. -export DISPLAY=:0 +set -eu +true "${XDG_RUNTIME_DIR:="/run/user/$(id -u)"}" +true "${DBUS_SESSION_BUS_ADDRESS:="unix:path=${XDG_RUNTIME_DIR}/bus"}" +export DISPLAY=:0 XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS exec python3 -- /usr/share/qubes-video-companion/sender/screenshare.py diff --git a/qubes-rpc/services/qvc.Webcam b/qubes-rpc/services/qvc.Webcam index 7878428..8f66f6f 100755 --- a/qubes-rpc/services/qvc.Webcam +++ b/qubes-rpc/services/qvc.Webcam @@ -1,7 +1,9 @@ #!/bin/sh -- - # Copyright (C) 2021 Elliot Killick # Copyright (C) 2021 Demi Marie Obenour # Licensed under the MIT License. See LICENSE file for details. -export DISPLAY=:0 -exec python3 -- /usr/share/qubes-video-companion/sender/webcam.py ${1:+"$1"} +set -eu +true "${XDG_RUNTIME_DIR:="/run/user/$(id -u)"}" +true "${DBUS_SESSION_BUS_ADDRESS:="unix:path=${XDG_RUNTIME_DIR}/bus"}" +export DISPLAY=:0 XDG_RUNTIME_DIR DBUS_SESSION_BUS_ADDRESS +exec python3 -- /usr/share/qubes-video-companion/sender/webcam.py "${1:+"$1"}" From c28cc08eed6cb2deebda3ebf0237b120022c1b59 Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Wed, 29 May 2024 19:03:12 +0200 Subject: [PATCH 2/2] Update policy format Fixes: https://github.com/QubesOS/qubes-issues/issues/9271 --- Makefile | 11 ++++++----- .../policies/90-default-video-companion.policy | 14 ++++++++++++++ qubes-rpc/policies/qvc.ScreenShare | 5 ----- qubes-rpc/policies/qvc.Webcam | 4 ---- rpm_spec/qubes-video-companion-dom0.spec.in | 3 +-- 5 files changed, 21 insertions(+), 16 deletions(-) create mode 100644 qubes-rpc/policies/90-default-video-companion.policy delete mode 100644 qubes-rpc/policies/qvc.ScreenShare delete mode 100644 qubes-rpc/policies/qvc.Webcam diff --git a/Makefile b/Makefile index bb074f1..4b19e35 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,8 @@ PKGNAME = qubes-video-companion BINDIR ?= /usr/bin DATADIR ?= /usr/share SYSCONFDIR ?= /etc -QREXECDIR ?= $(SYSCONFDIR)/qubes-rpc +QREXECSERVICEDIR ?= $(SYSCONFDIR)/qubes-rpc +QREXECPOLICYDIR ?= $(SYSCONFDIR)/qubes/policy.d PYTHON ?= python3 INSTALL_DIR = install -d -- @@ -47,8 +48,8 @@ install-vm: install-both install-dom0: install-both install-policy install-tests install-both: - $(INSTALL_DIR) $(DESTDIR)$(QREXECDIR) - $(INSTALL_PROGRAM) qubes-rpc/services/qvc.Webcam qubes-rpc/services/qvc.ScreenShare $(DESTDIR)$(QREXECDIR) + $(INSTALL_DIR) $(DESTDIR)$(QREXECSERVICEDIR) + $(INSTALL_PROGRAM) qubes-rpc/services/qvc.Webcam qubes-rpc/services/qvc.ScreenShare $(DESTDIR)$(QREXECSERVICEDIR) $(INSTALL_DIR) $(DESTDIR)$(DATADIR)/$(PKGNAME)/sender $(INSTALL_PROGRAM) sender/*.py $(DESTDIR)$(DATADIR)/$(PKGNAME)/sender $(INSTALL_DIR) $(DESTDIR)$(DATADIR)/doc/$(PKGNAME) @@ -57,8 +58,8 @@ install-both: $(INSTALL_DATA) doc/visualizations/* $(DESTDIR)$(DATADIR)/doc/$(PKGNAME)/visualizations install-policy: - $(INSTALL_DIR) $(DESTDIR)$(QREXECDIR)/policy - $(INSTALL_DATA) qubes-rpc/policies/* $(DESTDIR)$(QREXECDIR)/policy + $(INSTALL_DIR) $(DESTDIR)$(QREXECPOLICYDIR) + $(INSTALL_DATA) qubes-rpc/policies/* $(DESTDIR)$(QREXECPOLICYDIR) install-tests: cd tests && $(PYTHON) setup.py install -O1 --root $(DESTDIR) diff --git a/qubes-rpc/policies/90-default-video-companion.policy b/qubes-rpc/policies/90-default-video-companion.policy new file mode 100644 index 0000000..6fc3261 --- /dev/null +++ b/qubes-rpc/policies/90-default-video-companion.policy @@ -0,0 +1,14 @@ +## Do not modify this file, create a new policy file with a lower number in the +## filename instead. For example `30-user.policy`. + +### +### Policy Qubes Video Companion policy +### + +qvc.ScreenShare * @anyvm @dispvm allow +qvc.ScreenShare * @anyvm @adminvm ask +qvc.ScreenShare * @anyvm @anyvm ask + +qvc.Webcam * @anyvm @adminvm ask +qvc.Webcam * @anyvm @default ask +qvc.Webcam * @anyvm sys-usb ask diff --git a/qubes-rpc/policies/qvc.ScreenShare b/qubes-rpc/policies/qvc.ScreenShare deleted file mode 100644 index c678a4a..0000000 --- a/qubes-rpc/policies/qvc.ScreenShare +++ /dev/null @@ -1,5 +0,0 @@ -# Policy for Qubes Video Companion, R4.0 syntax -@anyvm @dispvm allow -@anyvm @default ask -@anyvm @anyvm ask -@anyvm dom0 ask diff --git a/qubes-rpc/policies/qvc.Webcam b/qubes-rpc/policies/qvc.Webcam deleted file mode 100644 index aaa03bd..0000000 --- a/qubes-rpc/policies/qvc.Webcam +++ /dev/null @@ -1,4 +0,0 @@ -# Policy for Qubes Video Companion, R4.0 syntax -@anyvm @default ask -@anyvm sys-usb ask -@anyvm dom0 ask diff --git a/rpm_spec/qubes-video-companion-dom0.spec.in b/rpm_spec/qubes-video-companion-dom0.spec.in index 96a90e1..d651f12 100644 --- a/rpm_spec/qubes-video-companion-dom0.spec.in +++ b/rpm_spec/qubes-video-companion-dom0.spec.in @@ -59,8 +59,7 @@ make DESTDIR=%{?buildroot} install-dom0 install-license %{_docdir}/qubes-video-companion/visualizations/* %{_sysconfdir}/qubes-rpc/qvc.Webcam %{_sysconfdir}/qubes-rpc/qvc.ScreenShare -%{_sysconfdir}/qubes-rpc/policy/qvc.Webcam -%{_sysconfdir}/qubes-rpc/policy/qvc.ScreenShare +%{_sysconfdir}/qubes/policy.d/90-default-video-companion.policy %{_datadir}/qubes-video-companion/sender/service.py %{_datadir}/qubes-video-companion/sender/webcam.py %{_datadir}/qubes-video-companion/sender/screenshare.py