diff --git a/0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch b/0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch new file mode 100644 index 0000000..ce3f31a --- /dev/null +++ b/0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch @@ -0,0 +1,81 @@ +From 798a1ad79bdb937c4b0c9008562cd543acaf3206 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Fri, 27 Mar 2015 10:10:54 -0400 +Subject: [PATCH] gdm-x-session: set XORG_RUN_AS_USER_OK=1 environment variable + +This lets the X server know that it can safely drop privileges. + +https://bugzilla.gnome.org/show_bug.cgi?id=746891 +--- + daemon/gdm-x-session.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c +index dfd6016..3cc7d40 100644 +--- a/daemon/gdm-x-session.c ++++ b/daemon/gdm-x-session.c +@@ -195,60 +195,61 @@ spawn_x_server (State *state, + { + GPtrArray *arguments = NULL; + GSubprocessLauncher *launcher = NULL; + GSubprocess *subprocess = NULL; + GInputStream *input_stream = NULL; + GDataInputStream *data_stream = NULL; + GError *error = NULL; + + char *auth_file; + gboolean is_running = FALSE; + int ret; + int pipe_fds[2]; + char *display_fd_string = NULL; + char *vt_string = NULL; + char *display_number; + gsize display_number_size; + + auth_file = prepare_auth_file (); + + g_debug ("Running X server"); + + ret = g_unix_open_pipe (pipe_fds, FD_CLOEXEC, &error); + + if (!ret) { + g_debug ("could not open pipe: %s", error->message); + goto out; + } + + arguments = g_ptr_array_new (); + launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_STDIN_INHERIT); ++ g_subprocess_launcher_setenv (launcher, "XORG_RUN_AS_USER_OK", "1", TRUE); + g_subprocess_launcher_take_fd (launcher, pipe_fds[1], DISPLAY_FILENO); + + if (g_getenv ("XDG_VTNR") != NULL) { + int vt; + + vt = atoi (g_getenv ("XDG_VTNR")); + + if (vt > 0 && vt < 64) { + vt_string = g_strdup_printf ("vt%d", vt); + } + } + + display_fd_string = g_strdup_printf ("%d", DISPLAY_FILENO); + + g_ptr_array_add (arguments, X_SERVER); + + if (vt_string != NULL) { + g_ptr_array_add (arguments, vt_string); + } + + g_ptr_array_add (arguments, "-displayfd"); + g_ptr_array_add (arguments, display_fd_string); + + g_ptr_array_add (arguments, "-auth"); + g_ptr_array_add (arguments, auth_file); + + if (!allow_remote_connections) { + g_ptr_array_add (arguments, "-nolisten"); + g_ptr_array_add (arguments, "tcp"); + } +-- +2.3.3 + diff --git a/gdm.spec b/gdm.spec index 6ae8ab4..f40c5ee 100644 --- a/gdm.spec +++ b/gdm.spec @@ -11,7 +11,7 @@ Summary: The GNOME Display Manager Name: gdm Version: 3.16.0.1 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 License: GPLv2+ Group: User Interface/X @@ -19,6 +19,7 @@ URL: https://wiki.gnome.org/Projects/GDM #VCS: git:git://git.gnome.org/gdm Source: http://download.gnome.org/sources/gdm/3.16/gdm-%{version}.tar.xz Source1: org.gnome.login-screen.gschema.override +Patch0: 0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch BuildRequires: pam-devel >= 0:%{pam_version} BuildRequires: fontconfig >= 0:%{fontconfig_version} @@ -104,6 +105,7 @@ files needed to build custom greeters. %prep %setup -q +%patch0 -p1 -b .xorg-run-as-user-ok autoreconf -i -f intltoolize -f @@ -294,6 +296,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || : %{_libdir}/pkgconfig/gdm.pc %changelog +* Fri Mar 27 2015 Ray Strode 3.16.0.1-2 +- set XORG_RUN_AS_USER_OK in environment + * Tue Mar 24 2015 Kalev Lember - 1:3.16.0.1-1 - Update to 3.16.0.1