From fcfdad54f5dd5c099edbcc837bb14624c675d72b Mon Sep 17 00:00:00 2001 From: Jaroslav Škarvada Date: Sep 21 2016 15:01:49 +0000 Subject: Fixed pkexec Resolves: rhbz#1377896 --- diff --git a/tuned-2.7.1-pkexec-fix.patch b/tuned-2.7.1-pkexec-fix.patch new file mode 100644 index 0000000..023d9a5 --- /dev/null +++ b/tuned-2.7.1-pkexec-fix.patch @@ -0,0 +1,73 @@ +From 325dd17ee5f19a84fe97987404edc78d9904fa27 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= +Date: Wed, 21 Sep 2016 16:43:39 +0200 +Subject: [PATCH] tuned-gui: fixed pkexec to work from GNOME Shell +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GNOME Shell doesn't seem to run applications through the shell or with some +persistent parent, thus pkexec cannot be execed over the original tuned-gui +process, because it wouldn't pass the pkexec getppid check. The check is +there to ensure that the pkexec will not be owned by the init process. + +This fix runs the pkexec as a child process. The minor drawback is that +there will be two tuned-gui processes - the original process running under +the user and the pkexeced process running under the root. The original +process will effectively do nothing, it will just wait for the pkexeced +process to exit. + +Resolves: rhbz#1377896 + +Signed-off-by: Jaroslav Škarvada +--- + tuned-gui.desktop | 2 +- + tuned-gui.py | 12 +++++++++--- + 2 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/tuned-gui.desktop b/tuned-gui.desktop +index f64869d..460e052 100644 +--- a/tuned-gui.desktop ++++ b/tuned-gui.desktop +@@ -3,7 +3,7 @@ Encoding=UTF-8 + Name=tuned-gui + GenericName=tuned-gui + Comment=GTK GUI that can control Tuned daemon and provides simple profile editor +-Exec=pkexec /usr/sbin/tuned-gui ++Exec=tuned-gui + Icon=tuned + Terminal=false + Type=Application +diff --git a/tuned-gui.py b/tuned-gui.py +index 6cabfb5..3731b34 100755 +--- a/tuned-gui.py ++++ b/tuned-gui.py +@@ -49,6 +49,7 @@ import os + import time + import configobj + ++import subprocess + import tuned.logs + import tuned.consts as consts + import tuned.version as version +@@ -1017,9 +1018,14 @@ if __name__ == '__main__': + + if os.geteuid() != 0: + try: +- os.execvp('pkexec', ['pkexec ' + EXECNAME, EXECNAME] + sys.argv[1:]) +- except (IOError, OSError) as e: +- pass ++ # Explicitly disabling shell to be safe ++ ec = subprocess.call(['pkexec', EXECNAME] + sys.argv[1:], shell = False) ++ except (subprocess.CalledProcessError) as e: ++ print >> sys.stderr, 'Error elevating privileges: %s' % e ++ else: ++ # If not pkexec error ++ if ec not in [126, 127]: ++ sys.exit(0) + # In case of error elevating privileges + print >> sys.stderr, 'Superuser permissions are required to run the daemon.' + sys.exit(1) +-- +2.7.4 + diff --git a/tuned.spec b/tuned.spec index 805aee6..06f352c 100644 --- a/tuned.spec +++ b/tuned.spec @@ -1,7 +1,7 @@ Summary: A dynamic adaptive system tuning daemon Name: tuned Version: 2.7.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Source: https://fedorahosted.org/releases/t/u/tuned/tuned-%{version}.tar.bz2 URL: https://fedorahosted.org/tuned/ @@ -13,6 +13,7 @@ Requires(postun): systemd Requires: python-decorator, dbus-python, pygobject3-base, python-pyudev Requires: virt-what, python-configobj, ethtool, gawk, kernel-tools, hdparm Requires: util-linux, python-perf, dbus, polkit +Patch0: tuned-2.7.1-pkexec-fix.patch %description The tuned package contains a daemon that tunes system settings dynamically. @@ -113,6 +114,7 @@ It can be also used to fine tune your system for specific scenarios. %prep %setup -q +%patch0 -p1 %build @@ -321,6 +323,10 @@ fi %{_mandir}/man7/tuned-profiles-compat.7* %changelog +* Wed Sep 21 2016 Jaroslav Škarvada - 2.7.1-2 +- Fixed pkexec + Resolves: rhbz#1377896 + * Tue Aug 2 2016 Jaroslav Škarvada - 2.7.1-1 - New release Resolves: rhbz#1362481