[neon/snap-packaging/plasma-core-desktop/ago/prevent-unconfined-services-launch] hooks: Prevent unconfined services from being started
Antoine Gonzalez
null at kde.org
Wed Sep 25 15:56:17 BST 2024
Git commit 8ebd00ab951be31cfb07e6697e5124d9e641c14c by Antoine Gonzalez.
Committed on 25/09/2024 at 14:52.
Pushed by daspood into branch 'ago/prevent-unconfined-services-launch'.
Prevent unconfined services from being started
Related issues from https://invent.kde.org/neon/ubuntu-core/:
* baloo_file (!82)
* drkonqi-coredump-processor (!81)
* ssh-agent (!80)
Remove the autostart entry / systemd services and remove the executable
that was launched by these startup configurations.
M +13 -0 hooks/006-add-plasma-session.chroot
https://invent.kde.org/neon/snap-packaging/plasma-core-desktop/-/commit/8ebd00ab951be31cfb07e6697e5124d9e641c14c
diff --git a/hooks/006-add-plasma-session.chroot b/hooks/006-add-plasma-session.chroot
index 2e256af..96b62e2 100755
--- a/hooks/006-add-plasma-session.chroot
+++ b/hooks/006-add-plasma-session.chroot
@@ -122,6 +122,19 @@ rm -f /usr/lib/systemd/user/org.freedesktop.IBus.session.generic.service
rm /etc/xdg/autostart/kaccess.desktop
rm /etc/xdg/autostart/org.kde.xwaylandvideobridge.desktop
+# Prevent known unconfined apps from being started in the session
+rm /etc/xdg/autostart/baloo_file.desktop
+rm /usr/lib/systemd/user/kde-baloo.service
+rm /usr/lib/systemd/user/drkonqi-coredump-pickup.service
+rm /usr/lib/systemd/user/ssh-agent.service
+
+# Remove known unconfined apps executables
+rm /usr/lib/x86_64-linux-gnu/libexec/kf6/baloo_file
+rm /usr/lib/x86_64-linux-gnu/libexec/drkonqi-coredump-processor
+rm /usr/bin/ssh-agent
+rm /usr/lib/openssh/agent-launch
+
+
# Remove D-Bus service activation files provided by
# the session snap.
rm /usr/share/dbus-1/services/org.freedesktop.impl.portal.desktop.kde.service
More information about the Neon-commits
mailing list