From a38ee8d3adc95748ad681d286176e4edfd4c3261 Mon Sep 17 00:00:00 2001 From: totaam Date: Sun, 31 Oct 2021 13:06:32 +0700 Subject: [PATCH] #3217 use a dedicated proxy session directory --- fs/lib/systemd/system/xpra.service | 4 ++-- fs/lib/tmpfiles.d/xpra.conf | 1 + xpra/scripts/main.py | 2 +- xpra/scripts/server.py | 17 ++++++++++------- 4 files changed, 14 insertions(+), 10 deletions(-) diff --git a/fs/lib/systemd/system/xpra.service b/fs/lib/systemd/system/xpra.service index 06761c9436..75ca2e57ed 100644 --- a/fs/lib/systemd/system/xpra.service +++ b/fs/lib/systemd/system/xpra.service @@ -12,11 +12,11 @@ ExecStart=/usr/bin/xpra proxy :14500 --daemon=no \ --tcp-auth=${TCP_AUTH} \ --ssl-cert=/etc/xpra/ssl-cert.pem --ssl=on \ --bind=none --auth=${AUTH} --socket-permissions=666 \ - --log-dir=/var/log --pidfile=/run/xpra/proxy.pid --debug=${DEBUG} + --log-dir=/var/log --pidfile=/run/xpra/proxy/server.pid --debug=${DEBUG} #rely on SIGKILL which returns 128+15=143 SuccessExitStatus=0 143 Restart=on-abnormal -PIDFile=/run/xpra/proxy.pid +PIDFile=/run/xpra/proxy/server.pid ProtectSystem=strict ReadWritePaths=/run/xpra /tmp #PrivateDevices=true diff --git a/fs/lib/tmpfiles.d/xpra.conf b/fs/lib/tmpfiles.d/xpra.conf index 383dba3313..f62655595f 100644 --- a/fs/lib/tmpfiles.d/xpra.conf +++ b/fs/lib/tmpfiles.d/xpra.conf @@ -1,3 +1,4 @@ # This is the shared directory where users of the xpra group # can place sockets if they want to be able to share them. d /run/xpra 0775 - xpra +d /run/xpra/proxy 0700 - xpra diff --git a/xpra/scripts/main.py b/xpra/scripts/main.py index 5d95603de0..92d1b428c8 100755 --- a/xpra/scripts/main.py +++ b/xpra/scripts/main.py @@ -2780,7 +2780,7 @@ def kill_pid(pid): #also clean client sockets? dotxpra = DotXpra(opts.socket_dir, opts.socket_dirs) for display in clean: - session_dir = get_session_dir(opts.sessions_dir, display, uid) + session_dir = get_session_dir(None, opts.sessions_dir, display, uid) if not os.path.exists(session_dir): print("session %s not found" % (display,)) continue diff --git a/xpra/scripts/server.py b/xpra/scripts/server.py index 2e114a3af8..1f35f72bc7 100644 --- a/xpra/scripts/server.py +++ b/xpra/scripts/server.py @@ -348,7 +348,7 @@ def write_displayfd(display_name, fd): log.error(" %s", str(e) or type(e)) -def get_session_dir(sessions_dir, display_name, uid): +def get_session_dir(mode, sessions_dir, display_name, uid): session_dir = osexpand(os.path.join(sessions_dir, display_name.lstrip(":")), uid=uid) if not os.path.exists(session_dir): ROOT = POSIX and getuid()==0 @@ -358,12 +358,15 @@ def get_session_dir(sessions_dir, display_name, uid): #so try to find a more suitable directory we can use: for d in ("/run/xpra", "/var/run/xpra", "/tmp"): if os.path.exists(d): - session_dir = d - break + if mode=="proxy" and (display_name or "").lstrip(":").split(",")[0]=="14500": + #stash the system wide proxy session files in a 'proxy' subdirectory: + return os.path.join(d, "proxy") + #otherwise just use the display as subdirectory name: + return os.path.join(d, (display_name or "").lstrip(":")) return session_dir -def make_session_dir(sessions_dir, display_name, uid=0, gid=0): - session_dir = get_session_dir(sessions_dir, display_name, uid) +def make_session_dir(mode, sessions_dir, display_name, uid=0, gid=0): + session_dir = get_session_dir(mode, sessions_dir, display_name, uid) if not os.path.exists(session_dir): try: os.makedirs(session_dir, 0o750) @@ -945,7 +948,7 @@ def write_session_file(filename, contents): os.environ.pop("DISPLAY", None) os.environ.update(protected_env) - session_dir = make_session_dir(opts.sessions_dir, display_name, uid, gid) + session_dir = make_session_dir(mode, opts.sessions_dir, display_name, uid, gid) os.environ["XPRA_SESSION_DIR"] = session_dir #populate it: if run_xpra_script: @@ -1149,7 +1152,7 @@ def xvfb_terminated(): if pam: pam.set_items({"XDISPLAY" : display_name}) if session_dir: - new_session_dir = get_session_dir(opts.sessions_dir, display_name, uid) + new_session_dir = get_session_dir(mode, opts.sessions_dir, display_name, uid) if new_session_dir!=session_dir: try: if os.path.exists(new_session_dir):