Accepting request 346801 from Base:System
- polkit-revert-session-magic.patch: revert a session detection change that could lead to sessions not being detected as active due to a systemd bug. bsc#954139 OBS-URL: https://build.opensuse.org/request/show/346801 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/polkit?expand=0&rev=55
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
9cd6695f73
66
polkit-revert-session-magic.patch
Normal file
66
polkit-revert-session-magic.patch
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
commit a29653ffa99e0809e15aa34afcd7b2df8593871c
|
||||||
|
Author: Philip Withnall <philip.withnall@collabora.co.uk>
|
||||||
|
Date: Tue Jun 2 16:19:51 2015 +0100
|
||||||
|
|
||||||
|
sessionmonitor-systemd: Use sd_uid_get_state() to check session activity
|
||||||
|
|
||||||
|
Instead of using sd_pid_get_session() then sd_session_is_active() to
|
||||||
|
determine whether the user is active, use sd_uid_get_state() directly.
|
||||||
|
This gets the maximum of the states of all the user’s sessions, rather
|
||||||
|
than the state of the session containing the subject process. Since the
|
||||||
|
user is the security boundary, this is fine.
|
||||||
|
|
||||||
|
This change is necessary for `systemd --user` sessions, where most user
|
||||||
|
code will be forked off user@.service, rather than running inside the
|
||||||
|
logind session (whether that be a foreground/active or background/online
|
||||||
|
session).
|
||||||
|
|
||||||
|
Policy-wise, the change is from checking whether the subject process is
|
||||||
|
in an active session; to checking whether the subject process is owned
|
||||||
|
by a user with at least one active session.
|
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=76358
|
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
|
||||||
|
index 9995f87..2a6c739 100644
|
||||||
|
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
|
||||||
|
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
|
||||||
|
@@ -389,6 +389,37 @@ gboolean
|
||||||
|
polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
|
||||||
|
PolkitSubject *session)
|
||||||
|
{
|
||||||
|
- return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
|
||||||
|
+ const char *session_id;
|
||||||
|
+ char *state;
|
||||||
|
+ uid_t uid;
|
||||||
|
+ gboolean is_active = FALSE;
|
||||||
|
+
|
||||||
|
+ session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session));
|
||||||
|
+
|
||||||
|
+ g_debug ("Checking whether session %s is active.", session_id);
|
||||||
|
+
|
||||||
|
+ /* Check whether *any* of the user's current sessions are active. */
|
||||||
|
+ if (sd_session_get_uid (session_id, &uid) < 0)
|
||||||
|
+ goto fallback;
|
||||||
|
+
|
||||||
|
+ g_debug ("Session %s has UID %u.", session_id, uid);
|
||||||
|
+
|
||||||
|
+ if (sd_uid_get_state (uid, &state) < 0)
|
||||||
|
+ goto fallback;
|
||||||
|
+
|
||||||
|
+ g_debug ("UID %u has state %s.", uid, state);
|
||||||
|
+
|
||||||
|
+ is_active = (g_strcmp0 (state, "active") == 0);
|
||||||
|
+ free (state);
|
||||||
|
+
|
||||||
|
+ return is_active;
|
||||||
|
+
|
||||||
|
+fallback:
|
||||||
|
+ /* Fall back to checking the session. This is not ideal, since the user
|
||||||
|
+ * might have multiple sessions, and we cannot guarantee to have chosen
|
||||||
|
+ * the active one.
|
||||||
|
+ *
|
||||||
|
+ * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */
|
||||||
|
+ return sd_session_is_active (session_id);
|
||||||
|
}
|
||||||
|
|
||||||
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 26 16:26:09 UTC 2015 - meissner@suse.com
|
||||||
|
|
||||||
|
- polkit-revert-session-magic.patch: revert a session detection change
|
||||||
|
that could lead to sessions not being detected as active due to
|
||||||
|
a systemd bug. bsc#954139
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 6 21:26:18 UTC 2015 - antoine.belvire@laposte.net
|
Thu Aug 6 21:26:18 UTC 2015 - antoine.belvire@laposte.net
|
||||||
|
|
||||||
|
|||||||
@ -37,6 +37,8 @@ Source99: baselibs.conf
|
|||||||
Patch0: polkit-no-wheel-group.patch
|
Patch0: polkit-no-wheel-group.patch
|
||||||
# PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377 vuntz@opensuse.org -- Do not reference non-existing polkit.service file for systemd (only applied if not built with systemd support)
|
# PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377 vuntz@opensuse.org -- Do not reference non-existing polkit.service file for systemd (only applied if not built with systemd support)
|
||||||
Patch1: polkit-no-systemd.patch
|
Patch1: polkit-no-systemd.patch
|
||||||
|
# PATCH-REVERT-UPSTREAM polkit-revert-session-magic.patch various bugs meissner -- systemd session magic was not updating the user seats correctly
|
||||||
|
Patch2: polkit-revert-session-magic.patch
|
||||||
# needed for patch1
|
# needed for patch1
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
# needed for patch1
|
# needed for patch1
|
||||||
@ -129,6 +131,7 @@ This package provides the GObject Introspection bindings for PolicyKit.
|
|||||||
%if !(0%{?with_systemd})
|
%if !(0%{?with_systemd})
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%endif
|
%endif
|
||||||
|
%patch2 -p1 -R
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export V=1
|
export V=1
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user