Commit 6c8cd784 authored by intrigeri's avatar intrigeri
Browse files

Fix unlocking the screen.

parent 76b5e6e9
# tails-kill-gdm-session renames this script to /usr/lib/gdm3/gdm-session-worker
# before it kills Debian-gdm's GNOME session. And then, whenever GDM tries
# to start a new session worker, this script will only allow it to do so if
# that's for reauthentication purposes, i.e. to unlock the screen.
# Otherwise, we return exit code 0, so that GDM does not start a full-blown
# GNOME session that would uselessly eat hundreds of MB of memory.
# No "set -e" because we need to capture the exit status of gdm-session-worker.real.
# No "set -u" because we need to check an environment variable that may
# not be set: $GDM_SESSION_FOR_REAUTH.
if [ "$GDM_SESSION_FOR_REAUTH" = 1 ]; then
# Use "exec" so that real worker gets the same PID as this script,
# otherwise GDM's find_conversation_by_pid will fail to find the
# corresponding conversation, log "GdmSession: New worker
# connection is from unknown source", ignore the worker's query,
# and as a result unlocking the script will fail.
exec /usr/lib/gdm3/gdm-session-worker.real "$@"
exit 0
......@@ -38,8 +38,12 @@ logind_session_tty_number() {
| sed -E 's,^tty,,'
# Ensure gdm-session-worker won't start new sessions.
cp -a /bin/true /usr/lib/gdm3/gdm-session-worker
# Replace gdm-session-worker with a version that won't start new
# sessions, except for reauthentication, i.e. for unlocking
# the screen.
mv /usr/lib/gdm3/gdm-session-worker /usr/lib/gdm3/gdm-session-worker.real
cp -a /usr/lib/gdm3/gdm-session-worker-only-reauth \
# Kill GDM's gdm-session-worker: it's the parent process for all
# Debian-gdm processes, such as gdm-x-session; it would otherwise
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment