From 798a1ad79bdb937c4b0c9008562cd543acaf3206 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 27 Mar 2015 10:10:54 -0400
Subject: [PATCH] gdm-x-session: set XORG_RUN_AS_USER_OK=1 environment variable
This lets the X server know that it can safely drop privileges.
https://bugzilla.gnome.org/show_bug.cgi?id=746891
---
daemon/gdm-x-session.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c
index dfd6016..3cc7d40 100644
--- a/daemon/gdm-x-session.c
+++ b/daemon/gdm-x-session.c
@@ -195,60 +195,61 @@ spawn_x_server (State *state,
{
GPtrArray *arguments = NULL;
GSubprocessLauncher *launcher = NULL;
GSubprocess *subprocess = NULL;
GInputStream *input_stream = NULL;
GDataInputStream *data_stream = NULL;
GError *error = NULL;
char *auth_file;
gboolean is_running = FALSE;
int ret;
int pipe_fds[2];
char *display_fd_string = NULL;
char *vt_string = NULL;
char *display_number;
gsize display_number_size;
auth_file = prepare_auth_file ();
g_debug ("Running X server");
ret = g_unix_open_pipe (pipe_fds, FD_CLOEXEC, &error);
if (!ret) {
g_debug ("could not open pipe: %s", error->message);
goto out;
}
arguments = g_ptr_array_new ();
launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_STDIN_INHERIT);
+ g_subprocess_launcher_setenv (launcher, "XORG_RUN_AS_USER_OK", "1", TRUE);
g_subprocess_launcher_take_fd (launcher, pipe_fds[1], DISPLAY_FILENO);
if (g_getenv ("XDG_VTNR") != NULL) {
int vt;
vt = atoi (g_getenv ("XDG_VTNR"));
if (vt > 0 && vt < 64) {
vt_string = g_strdup_printf ("vt%d", vt);
}
}
display_fd_string = g_strdup_printf ("%d", DISPLAY_FILENO);
g_ptr_array_add (arguments, X_SERVER);
if (vt_string != NULL) {
g_ptr_array_add (arguments, vt_string);
}
g_ptr_array_add (arguments, "-displayfd");
g_ptr_array_add (arguments, display_fd_string);
g_ptr_array_add (arguments, "-auth");
g_ptr_array_add (arguments, auth_file);
if (!allow_remote_connections) {
g_ptr_array_add (arguments, "-nolisten");
g_ptr_array_add (arguments, "tcp");
}
--
2.3.3