From 66bfd651af618bf30f01037b2b5b79a1725c1bba Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Wed, 18 Feb 2015 12:03:57 +0100 Subject: itzks-systems-smartboard: Start SMARTBoardService daemon in user context (not as root) and provide proper udev rules to grant normal users sufficient access to SMART whiteboard devices. --- bin/smarttech-SMARTBoardService | 2 +- bin/smarttech-SMARTBoardService.as-root | 3 --- debian/changelog | 3 +++ debian/control | 10 ++++---- debian/itzks-systems-smartboard.install | 3 ++- etc/schroot/chroot.d/precise-i386-smartboard-ITZkS | 2 +- etc/schroot/slxdesktop.ITZkS/copyfiles | 4 ++++ etc/schroot/slxdesktop.ITZkS/fstab | 27 ++++++++++++++++++++++ etc/schroot/slxdesktop.ITZkS/nssdatabases | 11 +++++++++ lib-udev-rules.d/60-SMARTBoard32.rules | 23 ++++++++++++++++++ ...ebian.pkexec.smarttech-SMARTBoardService.policy | 19 --------------- 11 files changed, 77 insertions(+), 30 deletions(-) delete mode 100755 bin/smarttech-SMARTBoardService.as-root create mode 100644 etc/schroot/slxdesktop.ITZkS/copyfiles create mode 100644 etc/schroot/slxdesktop.ITZkS/fstab create mode 100644 etc/schroot/slxdesktop.ITZkS/nssdatabases create mode 100644 lib-udev-rules.d/60-SMARTBoard32.rules delete mode 100644 share/polkit-1/actions/org.debian.pkexec.smarttech-SMARTBoardService.policy diff --git a/bin/smarttech-SMARTBoardService b/bin/smarttech-SMARTBoardService index 8b91702..fa53617 100755 --- a/bin/smarttech-SMARTBoardService +++ b/bin/smarttech-SMARTBoardService @@ -1,3 +1,3 @@ #!/bin/bash -pkexec smarttech-SMARTBoardService.as-root \ No newline at end of file +schroot -p -c precise-i386-smartboard-ITZkS "/opt/SMART Technologies/SMART Product Drivers/bin/SMARTBoardService" -start & \ No newline at end of file diff --git a/bin/smarttech-SMARTBoardService.as-root b/bin/smarttech-SMARTBoardService.as-root deleted file mode 100755 index eaeb97c..0000000 --- a/bin/smarttech-SMARTBoardService.as-root +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -schroot -p -u root -c precise-i386-smartboard-ITZkS "/opt/SMART Technologies/SMART Product Drivers/bin/SMARTBoardService" -start & \ No newline at end of file diff --git a/debian/changelog b/debian/changelog index 790954d..6797e8f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,9 @@ itzks-systems (2015.02.17.1) UNRELEASED; urgency=medium * debian/control: + Add D (workstation-like systems): audacity. + * itzks-systems-smartboard: Start SMARTBoardService daemon in user + context (not as root) and provide proper udev rules to grant + normal users sufficient access to SMART whiteboard devices. -- Mike Gabriel Tue, 17 Feb 2015 13:55:00 +0100 diff --git a/debian/control b/debian/control index 9a8c8db..9fe7e31 100644 --- a/debian/control +++ b/debian/control @@ -380,7 +380,6 @@ Depends: mate-desktop-environment, mate-desktop-environment-extras, mate-media-pulse, - mate-screensaver, mate-settings-daemon-pulse, mc, memtest86, @@ -528,7 +527,6 @@ Depends: imagemagick, itzks-keyring, kdm, - kdm-gdmcompat, kturtle, lazarus, libreoffice, @@ -569,7 +567,6 @@ Depends: mate-desktop-environment, mate-desktop-environment-extras, mate-media-pulse, - mate-screensaver, mate-settings-daemon-pulse, mc, musescore, @@ -720,7 +717,6 @@ Depends: imagemagick, itzks-keyring, kdm, - kdm-gdmcompat, kturtle, lazarus, libreoffice, @@ -761,7 +757,6 @@ Depends: mate-desktop-environment, mate-desktop-environment-extras, mate-media-pulse, - mate-screensaver, mate-settings-daemon-pulse, mc, musescore, @@ -848,6 +843,8 @@ Conflicts: openoffice.org-thesaurus-de, openoffice.org-thesaurus-de-ch, openoffice.org-writer, +Recommends: + kdm-gdmcompat, Description: Profiling for ITZkS Workstation Systems Install this package to pull in all dependencies required on ITZkS (diskfull) Workstation systems. @@ -862,6 +859,9 @@ Depends: ${misc:Depends}, Recommends: itzks-systems-workstation (>= ${source:Version}), + xscreensaver, +Conflicts: + mate-screensaver, Description: Profiling for ITZkS Workstation Systems running a SMART Board Install this package to pull in all dependencies required on ITZkS (diskfull) Workstation systems. diff --git a/debian/itzks-systems-smartboard.install b/debian/itzks-systems-smartboard.install index 5db729b..8e21a6c 100644 --- a/debian/itzks-systems-smartboard.install +++ b/debian/itzks-systems-smartboard.install @@ -1,5 +1,6 @@ bin/smarttech* usr/bin/ etc/xdg/autostart/smarttech-SMART*.desktop etc/xdg/autostart/ etc/schroot/chroot.d/precise-i386-smartboard-ITZkS etc/schroot/chroot.d/ +etc/schroot/slxdesktop.ITZkS etc/schroot/ share/itzks-systems-smartboard/ usr/share/ -share/polkit-1/actions/*smarttech*.policy usr/share/polkit-1/actions/ \ No newline at end of file +lib-udev-rules.d/60-SMARTBoard32.rules lib/udev/rules.d/ \ No newline at end of file diff --git a/etc/schroot/chroot.d/precise-i386-smartboard-ITZkS b/etc/schroot/chroot.d/precise-i386-smartboard-ITZkS index eb1ace3..f61334d 100644 --- a/etc/schroot/chroot.d/precise-i386-smartboard-ITZkS +++ b/etc/schroot/chroot.d/precise-i386-smartboard-ITZkS @@ -5,5 +5,5 @@ description=Ubuntu precise/i386 with SMART Notebook directory=/srv/schroot/precise-i386-smartboard-ITZkS groups=root,teachers,admins,sudo root-groups=root,admins,sudo -profile=desktop +profile=slxdesktop.ITZkS personality=linux32 diff --git a/etc/schroot/slxdesktop.ITZkS/copyfiles b/etc/schroot/slxdesktop.ITZkS/copyfiles new file mode 100644 index 0000000..22b2961 --- /dev/null +++ b/etc/schroot/slxdesktop.ITZkS/copyfiles @@ -0,0 +1,4 @@ +# Files to copy into the chroot from the host system. +# +# +/etc/resolv.conf diff --git a/etc/schroot/slxdesktop.ITZkS/fstab b/etc/schroot/slxdesktop.ITZkS/fstab new file mode 100644 index 0000000..481db98 --- /dev/null +++ b/etc/schroot/slxdesktop.ITZkS/fstab @@ -0,0 +1,27 @@ +# fstab: static file system information for chroots. +# Note that the mount point will be prefixed by the chroot path +# (CHROOT_PATH) +# +# +/proc /proc none rw,bind 0 0 +/sys /sys none rw,bind 0 0 +/dev /dev none rw,bind 0 0 +/dev/pts /dev/pts none rw,bind 0 0 +/home /home none rw,bind 0 0 +/tmp /tmp none rw,bind 0 0 +/srv /srv none rw,bind 0 0 +/skole /skole none rw,rbind 0 0 + +# If you use gdm3, uncomment this line to allow Xauth to work +#/var/run/gdm3 /var/run/gdm3 none rw,bind 0 0 +# For PulseAudio and other desktop-related things +/var/lib/dbus /var/lib/dbus none rw,bind 0 0 + +# It may be desirable to have access to /run, especially if you wish +# to run additional services in the chroot. However, note that this +# may potentially cause undesirable behaviour on upgrades, such as +# killing services on the host. +#/run /run none rw,bind 0 0 +#/run/lock /run/lock none rw,bind 0 0 +#/dev/shm /dev/shm none rw,bind 0 0 +#/run/shm /run/shm none rw,bind 0 0 diff --git a/etc/schroot/slxdesktop.ITZkS/nssdatabases b/etc/schroot/slxdesktop.ITZkS/nssdatabases new file mode 100644 index 0000000..722a451 --- /dev/null +++ b/etc/schroot/slxdesktop.ITZkS/nssdatabases @@ -0,0 +1,11 @@ +# System databases to copy into the chroot from the host system. +# +# +passwd +shadow +group +gshadow +services +protocols +networks +hosts diff --git a/lib-udev-rules.d/60-SMARTBoard32.rules b/lib-udev-rules.d/60-SMARTBoard32.rules new file mode 100644 index 0000000..1737de2 --- /dev/null +++ b/lib-udev-rules.d/60-SMARTBoard32.rules @@ -0,0 +1,23 @@ +#SMART Technologies rules for permissions. +SUBSYSTEM=="usb", ATTR{idVendor}=="0b8c", MODE="0666" +SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_interface", ATTR{idVendor}=="0b8c", MODE="0666" +SUBSYSTEMS=="usb", DRIVERS=="usb", ATTRS{idVendor}=="0b8c", MODE:="0666" +# +#Kernel 2.6.32 and greater has a bug that causes the mouse pointer to jump to the top left corner in HID mouse mode. +#Disable the event stream for affected products. +#Actually the bug began in 2.6.30, but these rules only work on 2.6.32. You need an fdi policy file to work around 2.6.31. +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0001", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0002", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0003", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0004", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0005", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0006", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0007", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0008", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="000a", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="000b", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0017", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0060", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0061", NAME="SB%k" +#KERNEL=="event*", ATTRS{idVendor}=="0b8c", ATTRS{idProduct}=="0042", NAME="SB%k" + diff --git a/share/polkit-1/actions/org.debian.pkexec.smarttech-SMARTBoardService.policy b/share/polkit-1/actions/org.debian.pkexec.smarttech-SMARTBoardService.policy deleted file mode 100644 index 6184c57..0000000 --- a/share/polkit-1/actions/org.debian.pkexec.smarttech-SMARTBoardService.policy +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - Authentication is required to run the SMART Board Service - system-run - - no - no - yes - - /usr/bin/smarttech-SMARTBoardService.as-root - true - - - -- cgit v1.2.3