BetterFrame/deploy/pam.d/cage
Mitchell R 81a64766ae feat(deploy): Pi kiosk bring-up via cage + low-priv bfkiosk user
Replace the user-mode kiosk service with a system unit that runs cage
(single-app Wayland compositor) on tty1 as a dedicated unprivileged
user. No desktop, no display manager, auto-restart on crash via
Restart=always.

setup-pi-kiosk.sh provisions the user, installs cage + seatd, disables
any display manager, points default.target at multi-user, drops the
PAM stack, and enables the service. Idempotent.

Screen wake "auto-login": with no DM and no lockscreen, DPMS-driven
sleep just turns the panel back on — the kiosk process is already
running.
2026-05-13 03:11:06 +02:00

8 lines
418 B
Text

# PAM stack for cage when invoked via systemd's PAMName=cage.
# Permissive auth (no password) because the session is launched by systemd as
# bfkiosk after auto-login at the multi-user target. pam_systemd sets up the
# XDG_RUNTIME_DIR + session, pam_loginuid wires the audit id.
auth required pam_permit.so
account required pam_permit.so
session required pam_loginuid.so
session required pam_systemd.so
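
An added example, not part of this repository: a Python check that parses a pam.d service file like the one above and reports management groups that can never fail (here `auth` and `account`, the intended passwordless behaviour for the `cage` service) and any missing session modules. The function names and finding codes are this example's own, and the embedded stack is a constructed copy of the four rules shown above.

```python
import re

# One rule per line: [-]type  control  module-path  [args]
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# Constructed input: the four rules from deploy/pam.d/cage as shown on this page.
CAGE_STACK = """\
# PAM stack for cage
auth required pam_permit.so
account required pam_permit.so
session required pam_loginuid.so
session required pam_systemd.so
"""

def parse_stack(text):
    """Return (type, control, module_basename) for every rule line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in pam.d files
        m = RULE.match(line)
        if m:
            rules.append((m.group(1), m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return rules

def always_succeeds(rules, mgmt_type):
    """True when the stack for mgmt_type cannot fail: only pam_permit.so is consulted."""
    seen = False
    for rtype, control, module in rules:
        if rtype != mgmt_type:
            continue
        if module != "pam_permit.so":
            return False  # conservative: any other module is assumed able to fail
        seen = True
        if control == "sufficient":
            return True  # the stack returns success at this rule
    return seen

def audit_stack(text, required_session=("pam_loginuid.so", "pam_systemd.so")):
    """Return finding codes for a kiosk-style stack (codes are this example's own)."""
    rules = parse_stack(text)
    findings = [f"{t}-always-succeeds" for t in ("auth", "account")
                if always_succeeds(rules, t)]
    session = {m for t, _, m in rules if t == "session"}
    findings += [f"session-missing-{m}" for m in required_session if m not in session]
    return findings

if __name__ == "__main__":
    for code in audit_stack(CAGE_STACK):
        print(code)
```

Run over every file in `/etc/pam.d`, the same check shows whether any service other than the kiosk's accepts callers without credentials.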