[WIP] add in-tree support to wayland

Developed by Albert and Roberto, just integrating to
QM upstream.

Ref:
https://aesteve-rh.github.io/alesgar-digital-cockpit/posts/wayland-in-qm/

Signed-off-by: Albert Esteve <[email protected]>
Signed-off-by: Roberto Majadas <[email protected]>
Signed-off-by: Douglas Schilling Landgraf <[email protected]>

etc/pam.d/wayland

@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth       substack     system-auth
+auth       include      postlogin
+account    required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+session    required     pam_loginuid.so
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      system-auth
+session    include      postlogin
+-session   optional     pam_ck_connector.so

etc/systemd/session-active.container

@@ -0,0 +1,19 @@
+[Unit]
+Description=session-activate container
+
+[Container]
+ContainerName=session-activate
+Environment=XDG_RUNTIME_DIR=/run/user/0
+Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket
+Exec=/usr/bin/entrypoint.sh
+Image=session-activate:latest
+SecurityLabelType=qm_container_wayland_t
+Volume=/run/systemd:/run/systemd:ro
+Volume=/run/dbus/system_bus_socket:/run/dbus/system_bus_socket
+Volume=/run/user/0:/run/user/0
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Restart=always

etc/systemd/system/qm-dbus.socket

@@ -0,0 +1,9 @@
+[Unit]
+Description=QM D-Bus User Message Bus Socket
+After=dbus.socket
+
+[Socket]
+ListenStream=%t/dbus/qm_bus_socket
+
+[Install]
+WantedBy=sockets.target

etc/systemd/system/wayland-session.service

@@ -0,0 +1,37 @@
+[Unit]
+Description=Wayland Session Creation Handling
+After=systemd-user-sessions.service
+
+[Service]
+Type=simple
+Environment=XDG_SESSION_TYPE=wayland
+UnsetEnvironment=TERM
+ExecStart=/bin/sleep infinity
+Restart=no
+
+# Run the session as root (required by PAMName)
+User=0
+Group=0
+
+# Set up a full user session for the user, required by Wayland.
+PAMName=login
+
+# Fail to start if not controlling the tty.
+StandardInput=tty-fail
+
+# Defaults to journal.
+StandardError=journal
+StandardOutput=journal
+
+# A virtual terminal is needed.
+TTYPath=/dev/tty7
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+
+# Log this user with utmp.
+UtmpIdentifier=tty7
+UtmpMode=user
+
+[Install]
+WantedBy=graphical.target

rpm/qm.spec

@@ -4,6 +4,8 @@
 %global selinuxtype targeted
 %global moduletype services
 %global modulenames qm
+%global rootfs_qm /usr/lib/qm/rootfs/
+
 %global seccomp_json /usr/share/%{modulenames}/seccomp.json
 %global setup_tool %{_prefix}/share/%{modulenames}/setup
 
@@ -22,8 +24,6 @@
 %bcond_without copr
 %endif
 
-
-
 %if 0%{?fedora}
 %global podman_epoch 5
 %else
@@ -58,6 +58,12 @@ BuildRequires: pkgconfig(systemd)
 BuildRequires: selinux-policy >= %_selinux_policy_version
 BuildRequires: selinux-policy-devel >= %_selinux_policy_version
 
+%if %{defined enable_window_manager}
+Requires: %{enable_window_manager}
+Requires: weston
+Requires: dbus-tools
+%endif
+
 Requires: parted
 Requires: containers-common
 Requires: selinux-policy >= %_selinux_policy_version
@@ -141,11 +147,30 @@ fi
 %ghost %dir %{_datadir}/containers/systemd
 %{_datadir}/containers/systemd/qm.container
 %ghost %{_sysconfdir}/containers/systemd/qm.container
+
 %{_mandir}/man8/*
 %ghost %dir %{_installscriptdir}
 %ghost %dir %{_installscriptdir}/rootfs
 %ghost %{_installscriptdir}/rootfs/*
 
+%package windowmanager
+Summary: Optional Window Manager deployed in QM environment (Experimental)
+Requires: weston
+Requires: dbus-tools
+Requires: qm
+%description windowmanager
+The optional window manager deployed in QM environment as nested container.
+
+%files windowmanager
+%{rootfs_qm}/%{_sysconfdir}/pam.d/wayland
+%{rootfs_qm}/%{_sysconfdir}/systemd/system/wayland-session.service
+%{rootfs_qm}/%{_sysconfdir}/systemd/system/qm-dbus.socket
+%{rootfs_qm}/%{_sysconfdir}/systemd/session-active.container
+%{rootfs_qm}/%{_libdir}/tmpfiles.d/etc/containers/systemd/gnome_mutter.container
+%{rootfs_qm}/%{_libdir}/tmpfiles.d/etc/containers/systemd/weston_terminal.container
+%config(noreplace) %{rootfs_qm}/%{_libdir}/tmpfiles.d/wayland-xdg-directory.conf
+%config(noreplace) %{rootfs_qm}/%{_libdir}/tmpfiles.d/etc/containers/systemd/qm.container.d/wayland-extra-devices.conf
+
 %changelog
 %if %{defined autochangelog}
 %autochangelog

tools/comment-pam-selinux-systemd-user

@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+FILE="/etc/pam.d/systemd-user"
+
+# Check if the file exists
+if [[ -f "$FILE" ]]; then
+  # Use sed to comment out lines containing pam_selinux
+  sed -i '/pam_selinux/ s/^/# /' "$FILE"
+  echo "Lines containing pam_selinux have been commented out in $FILE."
+else
+  echo "File $FILE not found!"
+  exit 1
+fi

usr/lib/tmpfiles.d/etc/containers/systemd/gnome_mutter.container

@@ -0,0 +1,39 @@
+[Unit]
+After=qm-dbus.socket
+Description=mutter container
+Requires=qm-dbus.socket
+
+[Container]
+ContainerName=mutter
+Environment=XDG_RUNTIME_DIR=/run/user/0
+Environment=XDG_SESSION_TYPE=wayland
+Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/dbus/qm_bus_socket
+Exec=mutter --no-x11 --wayland --sm-disable --wayland-display=wayland-0
+Image=mutter:latest
+SecurityLabelType=qm_container_wayland_t
+Volume=/run/systemd:/run/systemd:ro
+Volume=/run/udev:/run/udev:ro
+Volume=/run/dbus/qm_bus_socket:/run/dbus/qm_bus_socket
+Volume=/run/dbus/system_bus_socket:/run/dbus/system_bus_socket
+Volume=/run/user/0:/run/user/0
+AddDevice=/dev/dri/renderD128
+AddDevice=/dev/dri/card0
+AddDevice=/dev/tty0
+AddDevice=/dev/tty1
+AddDevice=/dev/tty2
+AddDevice=/dev/tty3
+AddDevice=/dev/tty4
+AddDevice=/dev/tty5
+AddDevice=/dev/tty6
+AddDevice=/dev/tty7
+AddDevice=/dev/input/event0
+AddDevice=/dev/input/event1
+AddDevice=/dev/input/event2
+AddDevice=/dev/input/event3
+AddDevice=/dev/input/event4
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Restart=always

usr/lib/tmpfiles.d/etc/containers/systemd/qm.container.d/wayland-extra-devices.conf

@@ -0,0 +1,17 @@
+[Container]
+AddDevice=/dev/dri/renderD128
+AddDevice=/dev/dri/card0
+AddDevice=/dev/tty0
+AddDevice=/dev/tty1
+AddDevice=/dev/tty2
+AddDevice=/dev/tty3
+AddDevice=/dev/tty4
+AddDevice=/dev/tty5
+AddDevice=/dev/tty6
+AddDevice=/dev/tty7
+AddDevice=/dev/input/event0
+AddDevice=/dev/input/event1
+AddDevice=/dev/input/event2
+AddDevice=/dev/input/event3
+AddDevice=/dev/input/event4
+Volume=/run/udev:/run/udev:ro,Z

usr/lib/tmpfiles.d/etc/containers/systemd/weston_terminal.container

@@ -0,0 +1,19 @@
+[Unit]
+After=mutter.service
+Description=weston_terminal container
+Requires=mutter.service
+
+[Container]
+ContainerName=weston_terminal
+Environment=XDG_RUNTIME_DIR=/run/user/0
+Environment=WAYLAND_DISPLAY=wayland-0
+Exec=/usr/bin/weston-terminal
+Image=localhost/weston_terminal:latest
+SecurityLabelType=qm_container_wayland_t
+Volume=/run/user/0:/run/user/0
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Restart=always

usr/lib/tmpfiles.d/wayland-xdg-directory.conf

@@ -0,0 +1,2 @@
+#Type Path                 Mode UID       GID          Age Argument
+d     /run/user/0          0700 0         0            -   -