diff options
| -rw-r--r-- | README.md | 8 | ||||
| -rw-r--r-- | main.c | 88 |
2 files changed, 56 insertions, 40 deletions
@@ -1,13 +1,5 @@ This program fixes password prompt spam in GPU Screen Recorder when used from flatpak and keep removing the password prompt spam even after updating GPU Screen Recorder flatpak. This program is meant to be ran with flatpak-spawn --host. This program is not meant to be run by the user and is automatically launched from GPU Screen Recorder flatpak. -When this program is first run, it executes itself with pkexec and in that case it sets CAP_SYS_ADMIN capability on itself -after copying self to ~/.local/share/gpu-screen-recorder and launches gsr-kms-server (in flatpak location). -When this program is run after that it will check if its run from ~/.local/share/gpu-screen-recorder or launch that and it will see that the program has CAP_SYS_ADMIN capability -and will launch gsr-kms-server (in flatpak location). This program also sets CAP_SYS_ADMIN on gsr-kms-server in the flatpak app directory. - -Fallbacks are used. For example if it fails to create the file in ~/.local/share/gpu-screen-recorder and set capability on that then the gsr-kms-server is used directly, -which will keep its capabilities until GPU Screen Recorder flatpak is updated. If setting capabilities on gsr-kms-server also fails then gsr-kms-server is launched with pkexec, -so a password prompt will show up. The reason all of this is needed is because `setcap cap_sys_admin+ep gsr-kms-server` can't be done in the flatpak because of sandboxing so this is only done when you install GPU Screen Recorder from source/aur to workaround that limitation. @@ -9,6 +9,7 @@ #include <sys/sendfile.h> #include <sys/capability.h> +#define KMS_SERVER_PROXY_FILEPATH "/var/lib/flatpak/app/com.dec05eba.gpu_screen_recorder/current/active/files/bin/kms-server-proxy" #define GSR_KMS_SERVER_FILEPATH "/var/lib/flatpak/app/com.dec05eba.gpu_screen_recorder/current/active/files/bin/gsr-kms-server" #define GSR_GLOBAL_HOTKEYS_FILEPATH "/var/lib/flatpak/app/com.dec05eba.gpu_screen_recorder/current/active/files/bin/gsr-global-hotkeys" @@ -78,7 +79,7 @@ static int create_local_kms_server_proxy_directory(const char *home) { return 1; } -static int copy_file_atomic_set_capabilities(const char *source_path, const char *dest_path, const cap_value_t *caps_to_set, int num_caps_to_set) { +static int copy_file_atomic(const char *source_path, const char *dest_path) { int in_fd = -1; int out_fd = -1; int res = 0; @@ -109,9 +110,6 @@ static int copy_file_atomic_set_capabilities(const char *source_path, const char close(out_fd); if(res) - res = file_set_capabilities(tmp_filepath, caps_to_set, num_caps_to_set); - - if(res) res = rename(tmp_filepath, dest_path) == 0; return res; @@ -139,22 +137,40 @@ static int setup_gsr_ui(const char *user_homepath) { char kms_server_proxy_local_filepath[PATH_MAX]; /* Update kms-server-proxy-N to kms-server-proxy-N+1 on update (update that needs to run before this program launches itself) */ - snprintf(kms_server_proxy_local_filepath, sizeof(kms_server_proxy_local_filepath), "%s/.local/share/gpu-screen-recorder/kms-server-proxy-1", user_homepath); + snprintf(kms_server_proxy_local_filepath, sizeof(kms_server_proxy_local_filepath), "%s/.local/share/gpu-screen-recorder/kms-server-proxy-2", user_homepath); - //char gsr_global_hotkeys_local_filepath[PATH_MAX]; - //snprintf(gsr_global_hotkeys_local_filepath, sizeof(gsr_global_hotkeys_local_filepath), "%s/.local/share/gpu-screen-recorder/gsr-global-hotkeys", user_homepath); + char gsr_kms_server_local_filepath[PATH_MAX]; + snprintf(gsr_kms_server_local_filepath, sizeof(gsr_kms_server_local_filepath), "%s/.local/share/gpu-screen-recorder/gsr-kms-server", user_homepath); + + char gsr_global_hotkeys_local_filepath[PATH_MAX]; + snprintf(gsr_global_hotkeys_local_filepath, sizeof(gsr_global_hotkeys_local_filepath), "%s/.local/share/gpu-screen-recorder/gsr-global-hotkeys", user_homepath); if(geteuid() == 0) { /* is current user root? */ int success = 1; - success &= (file_set_capabilities(GSR_KMS_SERVER_FILEPATH, (const cap_value_t[]){ CAP_SYS_ADMIN }, 1) == 1); - success &= (copy_file_atomic_set_capabilities(self_path, kms_server_proxy_local_filepath, (const cap_value_t[]){ CAP_SYS_ADMIN, CAP_SETFCAP, CAP_SETUID }, 3) == 1); - //success &= (copy_file_atomic_set_capabilities(GSR_GLOBAL_HOTKEYS_FILEPATH, gsr_global_hotkeys_local_filepath, (const cap_value_t[]){ CAP_SETUID }, 1) == 1); + success &= (file_set_capabilities(kms_server_proxy_local_filepath, (const cap_value_t[]){ CAP_SYS_ADMIN, CAP_SETFCAP, CAP_SETUID }, 3) == 1); return success ? 0 : 1; } else { - if(create_local_kms_server_proxy_directory(user_homepath) != 1) + if(create_local_kms_server_proxy_directory(user_homepath) != 1) { + fprintf(stderr, "Error: failed to create ~/.local/share/gpu-screen-recorder directory\n"); + return 1; + } + + if(copy_file_atomic(KMS_SERVER_PROXY_FILEPATH, kms_server_proxy_local_filepath) != 1) { + fprintf(stderr, "Error: failed to copy kms-server-proxy to %s\n", kms_server_proxy_local_filepath); + return 1; + } + + if(copy_file_atomic(GSR_KMS_SERVER_FILEPATH, gsr_kms_server_local_filepath) != 1) { + fprintf(stderr, "Error: failed to copy gsr-kms-server to %s\n", gsr_kms_server_local_filepath); return 1; + } - const char *args[] = { "pkexec", self_path, "setup-gsr-ui", user_homepath, NULL }; + if(copy_file_atomic(GSR_GLOBAL_HOTKEYS_FILEPATH, gsr_global_hotkeys_local_filepath) != 1) { + fprintf(stderr, "Error: failed to copy gsr-global-hotkeys to %s\n", gsr_global_hotkeys_local_filepath); + return 1; + } + + const char *args[] = { "pkexec", kms_server_proxy_local_filepath, "setup-gsr-ui", user_homepath, NULL }; return execvp(args[0], (char *const*)args); } } @@ -168,12 +184,12 @@ static int launch_gsr_kms_server(const char *initial_socket_path, const char *ca char kms_server_proxy_local_filepath[PATH_MAX]; /* Update kms-server-proxy-N to kms-server-proxy-N+1 on update (update that needs to run before this program launches itself) */ - snprintf(kms_server_proxy_local_filepath, sizeof(kms_server_proxy_local_filepath), "%s/.local/share/gpu-screen-recorder/kms-server-proxy-1", user_homepath); + snprintf(kms_server_proxy_local_filepath, sizeof(kms_server_proxy_local_filepath), "%s/.local/share/gpu-screen-recorder/kms-server-proxy-2", user_homepath); - if(file_has_sys_admin_capability(GSR_KMS_SERVER_FILEPATH)) { - const char *args[] = { GSR_KMS_SERVER_FILEPATH, initial_socket_path, card_path, NULL }; - return execv(args[0], (char *const*)args); - } else if(file_has_sys_admin_capability(kms_server_proxy_local_filepath)) { + char gsr_kms_server_local_filepath[PATH_MAX]; + snprintf(gsr_kms_server_local_filepath, sizeof(gsr_kms_server_local_filepath), "%s/.local/share/gpu-screen-recorder/gsr-kms-server", user_homepath); + + if(file_has_sys_admin_capability(kms_server_proxy_local_filepath)) { /* Need to resolve kms_server_proxy_local_filepath because /home can be a symlink to another location */ char kms_server_proxy_local_filepath_full[PATH_MAX]; if(!readlink_realpath(kms_server_proxy_local_filepath, kms_server_proxy_local_filepath_full)) { @@ -190,24 +206,29 @@ static int launch_gsr_kms_server(const char *initial_socket_path, const char *ca return execv(args[0], (char *const*)args); } - /* TODO: Remove the need for this. Instead inherit capabilities */ - if(file_set_capabilities(GSR_KMS_SERVER_FILEPATH, (const cap_value_t[]){ CAP_SYS_ADMIN }, 1)) { - const char *args[] = { GSR_KMS_SERVER_FILEPATH, initial_socket_path, card_path, NULL }; - return execv(args[0], (char *const*)args); - } - - const char *args[] = { "pkexec", GSR_KMS_SERVER_FILEPATH, initial_socket_path, card_path, NULL }; + const char *args[] = { "pkexec", gsr_kms_server_local_filepath, initial_socket_path, card_path, NULL }; return execvp(args[0], (char *const*)args); } else if(geteuid() == 0) { /* is current user root? */ - file_set_capabilities(GSR_KMS_SERVER_FILEPATH, (const cap_value_t[]){ CAP_SYS_ADMIN }, 1); - copy_file_atomic_set_capabilities(self_path, kms_server_proxy_local_filepath, (const cap_value_t[]){ CAP_SYS_ADMIN, CAP_SETFCAP, CAP_SETUID }, 3); - - const char *args[] = { GSR_KMS_SERVER_FILEPATH, initial_socket_path, card_path, NULL }; + file_set_capabilities(kms_server_proxy_local_filepath, (const cap_value_t[]){ CAP_SYS_ADMIN, CAP_SETFCAP, CAP_SETUID }, 3); + const char *args[] = { gsr_kms_server_local_filepath, initial_socket_path, card_path, NULL }; return execv(args[0], (char *const*)args); } else { - create_local_kms_server_proxy_directory(user_homepath); + if(create_local_kms_server_proxy_directory(user_homepath) != 1) { + fprintf(stderr, "Error: failed to create ~/.local/share/gpu-screen-recorder directory\n"); + return 1; + } - const char *args[] = { "pkexec", self_path, initial_socket_path, card_path, user_homepath, NULL }; + if(copy_file_atomic(KMS_SERVER_PROXY_FILEPATH, kms_server_proxy_local_filepath) != 1) { + fprintf(stderr, "Error: failed to copy kms-server-proxy to %s\n", kms_server_proxy_local_filepath); + return 1; + } + + if(copy_file_atomic(GSR_KMS_SERVER_FILEPATH, gsr_kms_server_local_filepath) != 1) { + fprintf(stderr, "Error: failed to copy gsr-kms-server to %s\n", gsr_kms_server_local_filepath); + return 1; + } + + const char *args[] = { "pkexec", kms_server_proxy_local_filepath, initial_socket_path, card_path, user_homepath, NULL }; return execvp(args[0], (char *const*)args); } } @@ -223,7 +244,10 @@ static int launch_gsr_global_hotkeys(char **argv) { char kms_server_proxy_local_filepath[PATH_MAX]; /* Update kms-server-proxy-N to kms-server-proxy-N+1 on update (update that needs to run before this program launches itself) */ - snprintf(kms_server_proxy_local_filepath, sizeof(kms_server_proxy_local_filepath), "%s/.local/share/gpu-screen-recorder/kms-server-proxy-1", user_homepath); + snprintf(kms_server_proxy_local_filepath, sizeof(kms_server_proxy_local_filepath), "%s/.local/share/gpu-screen-recorder/kms-server-proxy-2", user_homepath); + + char gsr_global_hotkeys_local_filepath[PATH_MAX]; + snprintf(gsr_global_hotkeys_local_filepath, sizeof(gsr_global_hotkeys_local_filepath), "%s/.local/share/gpu-screen-recorder/gsr-global-hotkeys", user_homepath); if(!file_has_sys_admin_capability(kms_server_proxy_local_filepath)) { fprintf(stderr, "Error: kms-server-proxy is missing cap sys admin capability\n"); @@ -251,7 +275,7 @@ static int launch_gsr_global_hotkeys(char **argv) { return 1; } - argv[2] = GSR_GLOBAL_HOTKEYS_FILEPATH; + argv[2] = gsr_global_hotkeys_local_filepath; return execv(argv[2], argv + 2); } |