Need an interface to lock the screen

jdstrand
upcoming

#1

I am working on an app that is able to remotely lock the screen of a user. case: you forgot to lock your desktop when you went for lunch/coffee and want to make sure your laptop is locked.

Different desktop environments have different service names to lock the screen:

on KDE: org.kde.screensaver
on Unity and GNOME: org.gnome.ScreenSaver

Regarding path:

on KDE and GNOME: /ScreenSaver
on Unity: /com/canonical/Unity/Session

The dbus interfaces are:

KDE: org.freedesktop.ScreenSaver
Unity: com.canonical.Unity.Session
GNOME: org.gnome.ScreenSaver

I put more organized info here: https://github.com/om26er/linux-desktop-manager/blob/bf55285ef88fdc49f49d238d67bcc4a841e6fefd/ldm/manager.py#L3


Desktop interface should allow access to org.freedesktop.DBus.Peer
#2

Thank you, we will investigate the security impact of the interface and either add this to one of the existing interfaces or create a new, dedicated interface.


#3

@jdstrand Would you be able to give a hand on this one as well?

Is there a reason for us to not expose this with the desktop interface itself, assuming it only allows locking?


#4

I can look at it. We allow inhibit already so Lock doesn’t seem unreasonable OTOH.


#5

Two requirements to make it usable:

  1. Allow to check if screen is locked.
  2. Allow to actually lock the screen.

#6

Probably also “inhibit locking” ? (media players usually need that)


#7

We already have ‘screen-inhibit-control’ in a separate interface, which I think is correct because a snap could inhibit screenlocking and expose users to risk. It makes some sense to then have a corresponding screen-lock interface, but because screen locking actually makes things more secure and we would allow auto-connection, I think it makes more sense to simply add to the desktop interface. We’ll try to get this into 2.30.


#8

https://github.com/snapcore/snapd/pull/4384 for master and https://github.com/snapcore/snapd/pull/4385 for 2.30.


#9

These are both committed. Please test the 2.30 core snap when it hits candidate (or test newer versions that have the change in edge/beta) and comment if it doesn’t work for you.


#10

Any dates on when 2.30 gets uploaded to Xenial ?


#11

So I created a snap that uses the above change, it works fine functionally but does throw an error when bus.get_object() is called.

om26er@chaoticX:~$ linux-desktop-manager
2018-04-09T20:34:08 Successfully joined session 5848950066406832
2018-04-09T20:34:12 Introspect error on :1.21:/org/gnome/ScreenSaver: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.294" (uid=1000 pid=14073 comm="python3 /snap/linux-desktop-manager/36/bin/linux-d" label="snap.linux-desktop-manager.linux-desktop-manager (enforce)") interface="org.freedesktop.DBus.Introspectable" member="Introspect" error name="(unset)" requested_reply="0" destination=":1.21" (uid=1000 pid=1849 comm="/usr/bin/gnome-shell " label="unconfined")