- Update fixppc.patch with upstream patches

- Add comments from upstream in
  0001-util-never-follow-symlinks-in-rm_rf_children.patch.
- Add logind-logout.patch: it should fix sudo / su with pam_systemd
  (bnc#746704).

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=263
Frederic Crozat 2012-03-22 08:55:35 +00:00 committed by Git OBS Bridge
parent 729f3c2839
commit b3750d1f49
6 changed files with 264 additions and 14 deletions


@ -30,3 +30,30 @@ index 20cbc2b..dfc1dc6 100644
-- --
1.7.7 1.7.7
From c9d8629baa09f853fbcc44972c9748e70562270c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 Mar 2012 01:43:36 +0100
Subject: [PATCH] logind: extend comment about X11 socket symlink
---
src/login/logind-session.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index af9c12d..4e0af86 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -391,6 +391,10 @@ static int session_link_x11_socket(Session *s) {
return -ENOENT;
}
+ /* Note that this cannot be in a subdir to avoid
+ * vulnerabilities since we are privileged but the runtime
+ * path is owned by the user */
+
t = strappend(s->user->runtime_path, "/X11-display");
if (!t) {
log_error("Out of memory");
--
1.7.7
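Review bot: The comment added in session_link_x11_socket() says a subdirectory would be unsafe but does not name the hazard, so a later maintainer could move the link without seeing the risk. It would help to spell it out, for example `/* ... a user-owned intermediate directory could be swapped for a symlink, redirecting what we create while privileged */`. That reading is inferred from the comment's own wording, since the code that creates the link lies outside the hunk, as do the start and end of the function.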


@ -1,3 +1,60 @@
From 7264278fbbdc1dc6c30fedc902d1337594aa6ff6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 21 Mar 2012 23:47:44 +0100
Subject: [PATCH] journal: PAGE_SIZE is not known on ppc and other archs
Let's use NAME_MAX, as suggested by Dan Walsh
---
src/journal/journald.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/journal/journald.c b/src/journal/journald.c
index d27cb60..87390bd 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -29,7 +29,6 @@
#include <sys/ioctl.h>
#include <linux/sockios.h>
#include <sys/statvfs.h>
-#include <sys/user.h>
#include <systemd/sd-journal.h>
#include <systemd/sd-login.h>
@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) {
size_t label_len = 0;
union {
struct cmsghdr cmsghdr;
+
+ /* We use NAME_MAX space for the
+ * SELinux label here. The kernel
+ * currently enforces no limit, but
+ * according to suggestions from the
+ * SELinux people this will change and
+ * it will probably be identical to
+ * NAME_MAX. For now we use that, but
+ * this should be updated one day when
+ * the final limit is known.*/
uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
CMSG_SPACE(sizeof(struct timeval)) +
- CMSG_SPACE(sizeof(int)) +
- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */
+ CMSG_SPACE(sizeof(int)) + /* fd */
+ CMSG_SPACE(NAME_MAX)]; /* selinux label */
} control;
ssize_t n;
int v;
--
1.7.7
From dd1e3d5a396284d1afdb2828991a543eb80c8040 Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Thu, 22 Mar 2012 09:39:54 +0100
Subject: [PATCH] journal: char is unsigned on ppc, use int8_t instead.
---
src/journal/cat.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/journal/cat.c b/src/journal/cat.c diff --git a/src/journal/cat.c b/src/journal/cat.c
index 31d76f3..8a51fb7 100644 index 31d76f3..8a51fb7 100644
--- a/src/journal/cat.c --- a/src/journal/cat.c
@ -11,16 +68,6 @@ index 31d76f3..8a51fb7 100644
static bool arg_level_prefix = true; static bool arg_level_prefix = true;
static int help(void) { static int help(void) {
diff --git a/src/journal/journald.c b/src/journal/journald.c --
index baad3ab..1899ad6 100644 1.7.7
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -2144,7 +2144,7 @@ static int process_event(Server *s, struct epoll_event *ev) {
uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
CMSG_SPACE(sizeof(struct timeval)) +
CMSG_SPACE(sizeof(int)) +
- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */
+ CMSG_SPACE(PATH_MAX)]; /* selinux label */
} control;
ssize_t n;
int v;
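Review bot: The control buffer in process_event() now reserves only NAME_MAX bytes for the SELinux label, while the new comment itself says the kernel enforces no limit, so a longer label would truncate the ancillary data. The hunk does not show whether the receive path checks for that; if it does not, a test such as `if (msghdr.msg_flags & MSG_CTRUNC)` after the receive call, with a logged warning, would make the truncation visible instead of silently losing the label or other control messages (the variable name is a placeholder, the real one is outside the hunk). The patch also drops `<sys/user.h>` without adding `<limits.h>`, where NAME_MAX is defined; whether another include already provides it cannot be seen here. process_event() continues outside the hunk.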

156
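--- a/logind-logout.patch
+++ b/logind-logout.patch
@@ -0,0 +1,156 @@
+From 75c8e3cffd7da8eede614cf61384957af2c82a29 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 22 Mar 2012 02:06:40 +0100
+Subject: [PATCH] logind: close FIFO before ending sessions cleanly
+For clean session endings ask logind explicitly to get rid of the FIFO
+before closing it so that the FIFO logic doesn't result in su/sudo to be
+terminated immediately.
+---
+src/login/logind-dbus.c | 30 ++++++++++++++++++++
+src/login/pam-module.c | 71 +++++++++++++++++++++++++++++++++++++++++++++--
+2 files changed, 98 insertions(+), 3 deletions(-)
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index d8f4d89..ea6b89f 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -80,6 +80,9 @@
+" <arg name=\"seat\" type=\"s\" direction=\"out\"/>\n" \
+" <arg name=\"vtnr\" type=\"u\" direction=\"out\"/>\n" \
+" </method>\n" \
++ " <method name=\"ReleaseSession\">\n" \
++ " <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
++ " </method>\n" \
+" <method name=\"ActivateSession\">\n" \
+" <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
+" </method>\n" \
+@@ -1075,6 +1078,33 @@ static DBusHandlerResult manager_message_handler(
+if (r < 0)
+return bus_send_error_reply(connection, message, &error, r);
++ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ReleaseSession")) {
++ const char *name;
++ Session *session;
++
++ if (!dbus_message_get_args(
++ message,
++ &error,
++ DBUS_TYPE_STRING, &name,
++ DBUS_TYPE_INVALID))
++ return bus_send_error_reply(connection, message, &error, -EINVAL);
++
++ session = hashmap_get(m->sessions, name);
++ if (!session)
++ return bus_send_error_reply(connection, message, &error, -ENOENT);
++
++ /* We use the FIFO to detect stray sessions where the
++ process invoking PAM dies abnormally. We need to make
++ sure that that process is not killed if at the clean
++ end of the session it closes the FIFO. Hence, with
++ this call explicitly turn off the FIFO logic, so that
++ the PAM code can finish clean up on its own */
++ session_remove_fifo(session);
++
++ reply = dbus_message_new_method_return(message);
++ if (!reply)
++ goto oom;
++
+} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ActivateSession")) {
+const char *name;
+Session *session;
+diff --git a/src/login/pam-module.c b/src/login/pam-module.c
+index 8544413..4106d2b 100644
+--- a/src/login/pam-module.c
++++ b/src/login/pam-module.c
+@@ -414,7 +414,6 @@ _public_ PAM_EXTERN int pam_sm_open_session(
+"/org/freedesktop/login1",
+"org.freedesktop.login1.Manager",
+"CreateSession");
+-
+if (!m) {
+pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
+r = PAM_BUF_ERR;
+@@ -620,11 +619,77 @@ _public_ PAM_EXTERN int pam_sm_close_session(
+int argc, const char **argv) {
+const void *p = NULL;
++ const char *id;
++ DBusConnection *bus = NULL;
++ DBusMessage *m = NULL, *reply = NULL;
++ DBusError error;
++ int r;
+- pam_get_data(handle, "systemd.session-fd", &p);
++ assert(handle);
++
++ dbus_error_init(&error);
++
++ id = pam_getenv(handle, "XDG_SESSION_ID");
++ if (id) {
++
++ /* Before we go and close the FIFO we need to tell
++ * logind that this is a clean session shutdown, so
++ * that it doesn't just go and slaughter us
++ * immediately after closing the fd */
++
++ bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
++ if (!bus) {
++ pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
++ r = PAM_SESSION_ERR;
++ goto finish;
++ }
++
++ m = dbus_message_new_method_call(
++ "org.freedesktop.login1",
++ "/org/freedesktop/login1",
++ "org.freedesktop.login1.Manager",
++ "ReleaseSession");
++ if (!m) {
++ pam_syslog(handle, LOG_ERR, "Could not allocate release session message.");
++ r = PAM_BUF_ERR;
++ goto finish;
++ }
++
++ if (!dbus_message_append_args(m,
++ DBUS_TYPE_STRING, &id,
++ DBUS_TYPE_INVALID)) {
++ pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
++ r = PAM_BUF_ERR;
++ goto finish;
++ }
++ reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
++ if (!reply) {
++ pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error));
++ r = PAM_SESSION_ERR;
++ goto finish;
++ }
++ }
++
++ r = PAM_SUCCESS;
++
++finish:
++ pam_get_data(handle, "systemd.session-fd", &p);
+if (p)
+close_nointr(PTR_TO_INT(p) - 1);
+- return PAM_SUCCESS;
++ dbus_error_free(&error);
++
++ if (bus) {
++ dbus_connection_close(bus);
++ dbus_connection_unref(bus);
++ }
++
++ if (m)
++ dbus_message_unref(m);
++
++ if (reply)
++ dbus_message_unref(reply);
++
++ return r;
+}
+--
+1.7.7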
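Review bot: The new ReleaseSession branch in manager_message_handler() calls session_remove_fifo() for whatever session id the caller passes, and no check of the caller's identity is visible in the hunk. The FIFO is what lets logind detect a session whose PAM client died abnormally, so any bus client allowed to call this method could switch that detection off for a session it does not own. If the restriction is meant to come from the D-Bus policy file, which is not part of this patch, a comment saying so would help, e.g. `/* Callers are limited by the bus policy; no per-session ownership check is done here */`. Otherwise the handler should compare the sender's credentials with the session's user before removing the FIFO. The handler's body starts and ends outside the hunk.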


@ -1,3 +1,12 @@
-------------------------------------------------------------------
Thu Mar 22 08:47:36 UTC 2012 - fcrozat@suse.com
- Update fixppc.patch with upstream patches
- Add comments from upstream in
0001-util-never-follow-symlinks-in-rm_rf_children.patch.
- Add logind-logout.patch: it should fix sudo / su with pam_systemd
(bnc#746704).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com


@ -1,3 +1,12 @@
-------------------------------------------------------------------
Thu Mar 22 08:47:36 UTC 2012 - fcrozat@suse.com
- Update fixppc.patch with upstream patches
- Add comments from upstream in
0001-util-never-follow-symlinks-in-rm_rf_children.patch.
- Add logind-logout.patch: it should fix sudo / su with pam_systemd
(bnc#746704).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com


@ -82,13 +82,14 @@ Patch36: sysctl-modules.patch
Patch38: dm-lvm-after-local-fs-pre-target.patch Patch38: dm-lvm-after-local-fs-pre-target.patch
Patch39: correct_plymouth_paths_and_conflicts.patch Patch39: correct_plymouth_paths_and_conflicts.patch
Patch41: 0001-add-sparse-support-to-detect-endianness-bug.patch Patch41: 0001-add-sparse-support-to-detect-endianness-bug.patch
Patch42: fixppc.patch
# Upstream First - Policy: # Upstream First - Policy:
# Never add any patches to this package without the upstream commit id # Never add any patches to this package without the upstream commit id
# in the patch. Any patches added here without a very good reason to make # in the patch. Any patches added here without a very good reason to make
# an exception will be silently removed with the next version update. # an exception will be silently removed with the next version update.
Patch40: 0001-util-never-follow-symlinks-in-rm_rf_children.patch Patch40: 0001-util-never-follow-symlinks-in-rm_rf_children.patch
Patch42: fixppc.patch
Patch43: logind-logout.patch
%description %description
Systemd is a system and service manager, compatible with SysV and LSB Systemd is a system and service manager, compatible with SysV and LSB
@ -150,6 +151,7 @@ Plymouth integration for systemd
%patch40 -p1 %patch40 -p1
%patch41 -p1 %patch41 -p1
%patch42 -p1 %patch42 -p1
%patch43 -p1
%build %build
autoreconf -fiv autoreconf -fiv