From b451a7ac9651144c340dd025d079f55b971c4e51dc0caa1758261b6772b9d53d Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger
Date: Thu, 8 Feb 2018 12:02:45 +0000
Subject: [PATCH] Accepting request 573608 from home:qkzhu:branches:home:michalsrb:branches:bnc1075805 - Add runtime option to start X under root instead of regular user. Necessary if no DRI drivers are present. (bnc#1075805) * gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch * Updated X11-displaymanager-gdm to set the GDM_DISABLE_USER_DISPLAY_SERVER variable when needed. GDM can currently start X server both ways - as regular user or as root, unfortunately the only way to switch it is using a compilation option. We need to run X as root in some cases, but want to keep the increased security of running it under regular user in most cases. This patch adds the ability to switch it using environmental variable.
OBS-URL: https://build.opensuse.org/request/show/573608
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gdm?expand=0&rev=378
---
 X11-displaymanager-gdm | 10 ++
 ...on-to-disable-starting-X-server-as-u.patch | 91 +++++++++++++++++++
 gdm.changes | 9 ++
 gdm.spec | 3 +
 4 files changed, 113 insertions(+)
 create mode 100644 gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
diff --git a/X11-displaymanager-gdm b/X11-displaymanager-gdm
index 161bde9..6273825 100644
--- a/X11-displaymanager-gdm
+++ b/X11-displaymanager-gdm
@@ -4,6 +4,16 @@ gdm_vars() {
 RELOADSIGNAL="-USR1"
 DISPLAYMANAGER=/usr/sbin/gdm
 PIDFILE=/run/gdm/gdm.pid
+
+ # let gdm run the Xserver as root if access to /dev/fb*
+ # is required (bsc#1075805)
+ # The GDM_DISABLE_USER_DISPLAY_SERVER variable is added by patch
+ # gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
+ if [ ! -c /dev/dri/card0 -a \
+ ! -c /dev/nvidiactl ]; then
+ export GDM_DISABLE_USER_DISPLAY_SERVER=1
+ fi
+
 return 0 ;;
 *) return 1 ;;
 esac
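Review bot: The added test in `gdm_vars()` decides whether X runs as root, yet it only looks at `/dev/dri/card0` and `/dev/nvidiactl` at the moment the display manager starts, and it exports `GDM_DISABLE_USER_DISPLAY_SERVER=1` without leaving any trace. If the DRM node shows up later or under another index, the system would lose the rootless X server silently; this is inferred from the test itself, not observed on hardware. I would say so in the comment, e.g. `# NOTE: exporting this makes gdm start the X server as root; only card0 and nvidiactl are probed`, and record the fallback in the log so that the downgrade is visible to an administrator. The `-a` operator inside `[` is marked obsolescent by POSIX; `if [ ! -c /dev/dri/card0 ] && [ ! -c /dev/nvidiactl ]; then` is the equivalent form.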
diff --git a/gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch b/gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
new file mode 100644
index 0000000..a44a384
--- /dev/null
+++ b/gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
@@ -0,0 +1,91 @@
+From a19b51ad9e446948ba60c359641f6c4c14fec1da Mon Sep 17 00:00:00 2001
+From: Michal Srb
+Date: Fri, 26 Jan 2018 10:49:18 +0100
+Subject: [PATCH] Add runtime option to disable starting X server as user
+
+If the environmental variable GDM_DISABLE_USER_DISPLAY_SERVER is defined, the
+X server will be started under root. The same way as if gdm was built with
+--disable-user-display-server option.
+
+This allows system to run X server under root if and only-if necessary.
+---
+ daemon/gdm-local-display-factory.c | 10 ++++++----
+ daemon/gdm-session.c | 13 +++++++++----
+ 2 files changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/daemon/gdm-local-display-factory.c b/daemon/gdm-local-display-factory.c
+index b29f5ac5..7c687cf6 100644
+--- a/daemon/gdm-local-display-factory.c
++++ b/daemon/gdm-local-display-factory.c
+@@ -207,8 +207,11 @@ gdm_local_display_factory_create_transient_display (GdmLocalDisplayFactory *fact
+ g_debug ("GdmLocalDisplayFactory: Creating transient display");
+
+ #ifdef ENABLE_USER_DISPLAY_SERVER
+- display = gdm_local_display_new ();
+-#else
++ if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) {
++ display = gdm_local_display_new ();
++ }
++#endif
++
+ if (display == NULL) {
+ guint32 num;
+
+@@ -216,7 +219,6 @@ gdm_local_display_factory_create_transient_display (GdmLocalDisplayFactory *fact
+
+ display = gdm_legacy_display_new (num);
+ }
+-#endif
+
+ g_object_set (display,
+ "seat-id", "seat0",
+@@ -369,7 +371,7 @@ create_display (GdmLocalDisplayFactory *factory,
+ g_debug ("GdmLocalDisplayFactory: Adding display on seat %s", seat_id);
+
+ #ifdef ENABLE_USER_DISPLAY_SERVER
+- if (g_strcmp0 (seat_id, "seat0") == 0) {
++ if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL && g_strcmp0 (seat_id, "seat0") == 0) {
+ display = gdm_local_display_new ();
+ if (session_type != NULL) {
+ g_object_set (G_OBJECT (display), "session-type", session_type, NULL);
+diff --git a/daemon/gdm-session.c b/daemon/gdm-session.c
+index 610ebcd0..cb37ed4e 100644
+--- a/daemon/gdm-session.c
++++ b/daemon/gdm-session.c
+@@ -360,7 +360,11 @@ get_system_session_dirs (GdmSession *self)
+ #ifdef ENABLE_WAYLAND_SUPPORT
+ if (!self->priv->ignore_wayland) {
+ #ifdef ENABLE_USER_DISPLAY_SERVER
+- g_array_prepend_val (search_array, wayland_search_dir);
++ if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) {
++ g_array_prepend_val (search_array, wayland_search_dir);
++ } else {
++ g_array_append_val (search_array, wayland_search_dir);
++ }
+ #else
+ g_array_append_val (search_array, wayland_search_dir);
+ #endif
+@@ -3147,8 +3151,10 @@ gdm_session_get_display_mode (GdmSession *self)
+ * right now. It will die with an error if logind devices
+ * are paused when handed out.
+ */
+- return GDM_SESSION_DISPLAY_MODE_NEW_VT;
+-#else
++ if (getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL) {
++ return GDM_SESSION_DISPLAY_MODE_NEW_VT;
++ }
++#endif
+
+ #ifdef ENABLE_WAYLAND_SUPPORT
+ /* Wayland sessions are for now assumed to run in a
+@@ -3159,7 +3165,6 @@ gdm_session_get_display_mode (GdmSession *self)
+ }
+ #endif
+ return GDM_SESSION_DISPLAY_MODE_REUSE_VT;
+-#endif
+ }
+
+ void
+--
+2.13.6
+
diff --git a/gdm.changes b/gdm.changes
index 9bf8787..8f688c3 100644
--- a/gdm.changes
+++ b/gdm.changes
@@ -11,6 +11,15 @@ Tue Jan 30 07:48:01 UTC 2018 - yfjiang@suse.com filename argument in gdm_settings_desktop_backend_new instead of examining GDM_RUNTIME_CONF (bsc#1078030). +------------------------------------------------------------------- +Fri Jan 26 11:27:50 UTC 2018 - msrb@suse.com + +- Add runtime option to start X under root instead of regular user. + Necessary if no DRI drivers are present. (bnc#1075805) + * gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch + * Updated X11-displaymanager-gdm to set the + GDM_DISABLE_USER_DISPLAY_SERVER variable when needed. + ------------------------------------------------------------------- Fri Jan 19 10:27:26 UTC 2018 - fezhang@suse.com
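Review bot: Each new `getenv ("GDM_DISABLE_USER_DISPLAY_SERVER") == NULL` test checks only whether the variable exists, so `GDM_DISABLE_USER_DISPLAY_SERVER=0` or an empty value also starts the X server as root, which is the less protected mode. The same test is repeated in `gdm_local_display_factory_create_transient_display`, `create_display`, `get_system_session_dirs` and `gdm_session_get_display_mode`, all of which continue outside the embedded hunks. Either read the value, for example `const char *v = g_getenv ("GDM_DISABLE_USER_DISPLAY_SERVER");` followed by `if (v == NULL || g_strcmp0 (v, "0") == 0) {`, or state in a comment at each site that presence alone selects the root server. A `g_debug` line on the fallback path, next to the existing `g_debug` calls, would make the privilege change visible in the logs.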
diff --git a/gdm.spec b/gdm.spec
index acd7fcf..815709c 100644
--- a/gdm.spec
+++ b/gdm.spec
@@ -72,6 +72,8 @@ Patch43: gdm-not-run-with-bogus-DISPLAY-XAUTHORITY.patch
 Patch49: gdm-default-wm-sle12.patch
 # PATCH-FIX-SLE gdm-disable-gnome-initial-setup.patch bnc#1067976 qzhao@suse.com -- Disable gnome-initial-setup runs before gdm, g-i-s will only serve for CJK people to choose the input-method after login.
 Patch52: gdm-disable-gnome-initial-setup.patch
+# PATCH-FIX-SLE gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch bnc#1075805 msrb@suse.com -- Add runtime option to start X under root instead of regular user. Necessary if no DRI drivers are present.
+Patch53: gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch
 BuildRequires: check-devel
 # needed for directory ownership
 BuildRequires: dconf
@@ -222,6 +224,7 @@ translation-update-upstream %patch49 -p1 %patch52 -p1 %endif +%patch53 -p1 %build NOCONFIGURE=1 sh autogen.sh
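Review bot: The comment above `Patch53` carries the `PATCH-FIX-SLE` tag, but `%patch53 -p1` is placed after the `%endif`, so the patch appears to be applied on every build and not only inside the conditional block that holds `%patch49` and `%patch52`; the opening `%if` is outside the hunk, so this is inferred. Since the patch adds a way to run the X server as root, the comment should say on which products it is meant to apply and whether it was sent upstream, or the tag should be changed to match the unconditional placement.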