rstrode pushed to gdm (origin/HEAD). "- set XORG_RUN_AS_USER_OK in environment"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 16 16:55:27 UTC 2015
>From fea58fe7a2a7d5cbffd8d177ddc7f6c3ad345995 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode at redhat.com>
Date: Fri, 27 Mar 2015 10:18:01 -0400
Subject: - set XORG_RUN_AS_USER_OK in environment
diff --git a/0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch b/0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch
new file mode 100644
index 0000000..ce3f31a
--- /dev/null
+++ b/0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch
@@ -0,0 +1,81 @@
+From 798a1ad79bdb937c4b0c9008562cd543acaf3206 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode at redhat.com>
+Date: Fri, 27 Mar 2015 10:10:54 -0400
+Subject: [PATCH] gdm-x-session: set XORG_RUN_AS_USER_OK=1 environment variable
+
+This lets the X server know that it can safely drop privileges.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=746891
+---
+ daemon/gdm-x-session.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c
+index dfd6016..3cc7d40 100644
+--- a/daemon/gdm-x-session.c
++++ b/daemon/gdm-x-session.c
+@@ -195,60 +195,61 @@ spawn_x_server (State *state,
+ {
+ GPtrArray *arguments = NULL;
+ GSubprocessLauncher *launcher = NULL;
+ GSubprocess *subprocess = NULL;
+ GInputStream *input_stream = NULL;
+ GDataInputStream *data_stream = NULL;
+ GError *error = NULL;
+
+ char *auth_file;
+ gboolean is_running = FALSE;
+ int ret;
+ int pipe_fds[2];
+ char *display_fd_string = NULL;
+ char *vt_string = NULL;
+ char *display_number;
+ gsize display_number_size;
+
+ auth_file = prepare_auth_file ();
+
+ g_debug ("Running X server");
+
+ ret = g_unix_open_pipe (pipe_fds, FD_CLOEXEC, &error);
+
+ if (!ret) {
+ g_debug ("could not open pipe: %s", error->message);
+ goto out;
+ }
+
+ arguments = g_ptr_array_new ();
+ launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_STDIN_INHERIT);
++ g_subprocess_launcher_setenv (launcher, "XORG_RUN_AS_USER_OK", "1", TRUE);
+ g_subprocess_launcher_take_fd (launcher, pipe_fds[1], DISPLAY_FILENO);
+
+ if (g_getenv ("XDG_VTNR") != NULL) {
+ int vt;
+
+ vt = atoi (g_getenv ("XDG_VTNR"));
+
+ if (vt > 0 && vt < 64) {
+ vt_string = g_strdup_printf ("vt%d", vt);
+ }
+ }
+
+ display_fd_string = g_strdup_printf ("%d", DISPLAY_FILENO);
+
+ g_ptr_array_add (arguments, X_SERVER);
+
+ if (vt_string != NULL) {
+ g_ptr_array_add (arguments, vt_string);
+ }
+
+ g_ptr_array_add (arguments, "-displayfd");
+ g_ptr_array_add (arguments, display_fd_string);
+
+ g_ptr_array_add (arguments, "-auth");
+ g_ptr_array_add (arguments, auth_file);
+
+ if (!allow_remote_connections) {
+ g_ptr_array_add (arguments, "-nolisten");
+ g_ptr_array_add (arguments, "tcp");
+ }
+--
+2.3.3
+
diff --git a/gdm.spec b/gdm.spec
index 6ae8ab4..f40c5ee 100644
--- a/gdm.spec
+++ b/gdm.spec
@@ -11,7 +11,7 @@
Summary: The GNOME Display Manager
Name: gdm
Version: 3.16.0.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
License: GPLv2+
Group: User Interface/X
@@ -19,6 +19,7 @@ URL: https://wiki.gnome.org/Projects/GDM
#VCS: git:git://git.gnome.org/gdm
Source: http://download.gnome.org/sources/gdm/3.16/gdm-%{version}.tar.xz
Source1: org.gnome.login-screen.gschema.override
+Patch0: 0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch
BuildRequires: pam-devel >= 0:%{pam_version}
BuildRequires: fontconfig >= 0:%{fontconfig_version}
@@ -104,6 +105,7 @@ files needed to build custom greeters.
%prep
%setup -q
+%patch0 -p1 -b .xorg-run-as-user-ok
autoreconf -i -f
intltoolize -f
@@ -294,6 +296,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || :
%{_libdir}/pkgconfig/gdm.pc
%changelog
+* Fri Mar 27 2015 Ray Strode <rstrode at redhat.com> 3.16.0.1-2
+- set XORG_RUN_AS_USER_OK in environment
+
* Tue Mar 24 2015 Kalev Lember <kalevlember at gmail.com> - 1:3.16.0.1-1
- Update to 3.16.0.1
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/gdm.git/commit/?h=origin/HEAD&id=fea58fe7a2a7d5cbffd8d177ddc7f6c3ad345995
More information about the scm-commits
mailing list