Accepting request 573608 from home:qkzhu:branches:home:michalsrb:branches:bnc1075805

- Add runtime option to start X under root instead of regular user. Necessary if no DRI drivers are present. (bnc#1075805) * gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch * Updated X11-displaymanager-gdm to set the GDM_DISABLE_USER_DISPLAY_SERVER variable when needed. GDM can currently start X server both ways - as regular user or as root, unfortunately the only way to switch it is using a compilation option. We need to run X as root in some cases, but want to keep the increased security of running it under regular user in most cases. This patch adds the ability to switch it using environmental variable. OBS-URL: https://build.opensuse.org/request/show/573608 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gdm?expand=0&rev=378
2018-02-08 12:02:45 +00:00 · 2018-02-08 12:02:45 +00:00 · b451a7ac96
commit b451a7ac96
parent d208b8f179
4 changed files with 113 additions and 0 deletions
--- a/10
+++ b/10
@ -4,6 +4,16 @@ gdm_vars() {
            RELOADSIGNAL="-USR1"
            DISPLAYMANAGER=/usr/sbin/gdm
            PIDFILE=/run/gdm/gdm.pid
+
+            # let gdm run the Xserver as root if access to /dev/fb*
+            # is required (bsc#1075805)
+            # The GDM_DISABLE_USER_DISPLAY_SERVER variable is added by patch
+            # gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
+            if [ ! -c /dev/dri/card0 -a \
+                 ! -c /dev/nvidiactl ]; then
+                export GDM_DISABLE_USER_DISPLAY_SERVER=1
+            fi
+
            return 0 ;;
       *) return 1 ;;
    esac
--- a/gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
+++ b/gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
@ -0,0 +1,91 @@
+From a19b51ad9e446948ba60c359641f6c4c14fec1da Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb@suse.com>
+Date: Fri, 26 Jan 2018 10:49:18 +0100
+Subject: [PATCH] Add runtime option to disable starting X server as user
+
+If the environmental variable GDM_DISABLE_USER_DISPLAY_SERVER is defined, the
+X server will be started under root. The same way as if gdm was built with
+--disable-user-display-server option.
+
+This allows system to run X server under root if and only-if necessary.
+---
+ daemon/gdm-local-display-factory.c | 10 ++++++----
+ daemon/gdm-session.c               | 13 +++++++++----
+ 2 files changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
+index b29f5ac5..7c687cf6 100644
+--- a/daemon/gdm-local-display-factory.c
+++ b/daemon/gdm-local-display-factory.c
+@@ -207,8 +207,11 @@ gdm_local_display_factory_create_transient_display (GdmLocalDisplayFactory *fact
+         g_debug ("GdmLocalDisplayFactory: Creating transient display");
+ 
+ #ifdef ENABLE_USER_DISPLAY_SERVER
+-        display = gdm_local_display_new ();
+-#else
+        if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) {
+                display = gdm_local_display_new ();
+        }
+#endif
+
+         if (display == NULL) {
+                 guint32 num;
+ 
+@@ -216,7 +219,6 @@ gdm_local_display_factory_create_transient_display (GdmLocalDisplayFactory *fact
+ 
+                 display = gdm_legacy_display_new (num);
+         }
+-#endif
+ 
+         g_object_set (display,
+                       "seat-id", "seat0",
+@@ -369,7 +371,7 @@ create_display (GdmLocalDisplayFactory *factory,
+         g_debug ("GdmLocalDisplayFactory: Adding display on seat %s", seat_id);
+ 
+ #ifdef ENABLE_USER_DISPLAY_SERVER
+-        if (g_strcmp0 (seat_id, "seat0") == 0) {
+        if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL && g_strcmp0 (seat_id, "seat0") == 0) {
+                 display = gdm_local_display_new ();
+                 if (session_type != NULL) {
+                         g_object_set (G_OBJECT (display), "session-type", session_type, NULL);
+diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c
+index 610ebcd0..cb37ed4e 100644
+--- a/daemon/gdm-session.c
+++ b/daemon/gdm-session.c
+@@ -360,7 +360,11 @@ get_system_session_dirs (GdmSession *self)
+ #ifdef ENABLE_WAYLAND_SUPPORT
+         if (!self->priv->ignore_wayland) {
+ #ifdef ENABLE_USER_DISPLAY_SERVER
+-                g_array_prepend_val (search_array, wayland_search_dir);
+                if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) {
+                        g_array_prepend_val (search_array, wayland_search_dir);
+                } else {
+                        g_array_append_val (search_array, wayland_search_dir);
+                }
+ #else
+                 g_array_append_val (search_array, wayland_search_dir);
+ #endif
+@@ -3147,8 +3151,10 @@ gdm_session_get_display_mode (GdmSession *self)
+          *   right now.  It will die with an error if logind devices
+          *   are paused when handed out.
+          */
+-        return GDM_SESSION_DISPLAY_MODE_NEW_VT;
+-#else
+        if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) {
+                return GDM_SESSION_DISPLAY_MODE_NEW_VT;
+        }
+#endif
+ 
+ #ifdef ENABLE_WAYLAND_SUPPORT
+         /* Wayland sessions are for now assumed to run in a
+@@ -3159,7 +3165,6 @@ gdm_session_get_display_mode (GdmSession *self)
+         }
+ #endif
+         return GDM_SESSION_DISPLAY_MODE_REUSE_VT;
+-#endif
+ }
+ 
+ void
+-- 
+2.13.6
+
--- a/gdm.changes
+++ b/gdm.changes
@ -11,6 +11,15 @@ Tue Jan 30 07:48:01 UTC 2018 - yfjiang@suse.com
  filename argument in gdm_settings_desktop_backend_new instead of
  examining GDM_RUNTIME_CONF (bsc#1078030).

+-------------------------------------------------------------------
+Fri Jan 26 11:27:50 UTC 2018 - msrb@suse.com
+
+- Add runtime option to start X under root instead of regular user.
+  Necessary if no DRI drivers are present. (bnc#1075805)
+  * gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
+  * Updated X11-displaymanager-gdm to set the
+    GDM_DISABLE_USER_DISPLAY_SERVER variable when needed.
+
 -------------------------------------------------------------------
 Fri Jan 19 10:27:26 UTC 2018 - fezhang@suse.com

--- a/gdm.spec
+++ b/gdm.spec
@ -72,6 +72,8 @@ Patch43:        gdm-not-run-with-bogus-DISPLAY-XAUTHORITY.patch
 Patch49:        gdm-default-wm-sle12.patch
 # PATCH-FIX-SLE gdm-disable-gnome-initial-setup.patch bnc#1067976 qzhao@suse.com -- Disable gnome-initial-setup runs before gdm, g-i-s will only serve for CJK people to choose the input-method after login.
 Patch52:        gdm-disable-gnome-initial-setup.patch
+# PATCH-FIX-SLE gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch bnc#1075805 msrb@suse.com -- Add runtime option to start X under root instead of regular user. Necessary if no DRI drivers are present.
+Patch53:        gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
 BuildRequires:  check-devel
 # needed for directory ownership
 BuildRequires:  dconf
@ -222,6 +224,7 @@ translation-update-upstream
 %patch49 -p1
 %patch52 -p1
 %endif
+%patch53 -p1

 %build
 NOCONFIGURE=1 sh autogen.sh