Making Fedora Lock Screen on Lid Close

September 6, 2012. When you close the lid on a laptop, the screen should lock. End of story. Fedora (16) doesn't do this. Here's a kludgy workaround.

  1. Download this ACPI script and save it as /etc/acpi/actions/buttons/lid. The name and path is important. Don't rename it.
  2. Download this user script and save it as ~/bin/scripts/screenlock-watch. You can put it in any directory you want, no problem. You can change the name, too, but if you do you'll also need to change the SOCK= declaration in the lid script.
  3. As yourself (your normal user), in an xterm, run: screenlock-watch &.
  4. As root, in another xterm, run: tail -f /var/log/audit/audit.log. Hit ENTER a couple of times so new lines will stand out.
  5. Close the lid. This will probably have no effect the first time.
  6. Reopen the lid. See what's new in your tail -f. If one of those lines looks something like this:
         type=AVC msg=audit(1346964023.171:27): avc:  denied  { write } for
         pid=19678 comm="lid" name="screenlock-watch.sock" dev="dm-1" ino=1310733
         scontext=system_u:system_r:apmd_t:s0
         tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=fifo_file 
         
    ...then do some stupid SElinux crap as follows:
         # grep watch.sock /var/log/audit/audit.log | audit2allow -M foo
         ******************** IMPORTANT ***********************
         To make this policy package active, execute:
    
         semodule -i foo.pp
         # semodule -i foo.pp (this will take ages; 60 seconds or more)
         
  7. Now close the lid again. It might fail again due to SElinux; if it does, try the above grep/audit2allow/semodule commands one more time. Then try closing the lid. It should lock this time.

Created: 2012 September 6
Last updated: 2012 September 6.