From 22bae05ad2c00cc7eb7e8ea81dc5163c5e1ac390541dd0a564bea3224e925df7 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Fri, 19 Sep 2014 13:11:36 +0000 Subject: [PATCH] . OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=784 --- 0001-bnc888612-logind-polkit-acpi.patch | 75 +++++++++++++++++++++++++ systemd-mini.spec | 3 + systemd.changes | 7 +++ systemd.spec | 3 + 4 files changed, 88 insertions(+) create mode 100644 0001-bnc888612-logind-polkit-acpi.patch diff --git a/0001-bnc888612-logind-polkit-acpi.patch b/0001-bnc888612-logind-polkit-acpi.patch new file mode 100644 index 00000000..ba3a1b52 --- /dev/null +++ b/0001-bnc888612-logind-polkit-acpi.patch @@ -0,0 +1,75 @@ +--- + src/login/logind-action.c | 5 +++++ + src/login/logind-dbus.c | 20 ++++++++++++++++---- + 2 files changed, 21 insertions(+), 4 deletions(-) + +Index: systemd-210/src/login/logind-action.c +=================================================================== +--- systemd-210/src/login/logind-action.c ++++ systemd-210/src/login/logind-action.c +@@ -101,6 +101,11 @@ int manager_handle_action( + + /* If the key handling is inhibited, don't do anything */ + if (inhibit_key > 0) { ++ if (inhibit_key == INHIBIT_HANDLE_POWER_KEY) { ++ int fd; ++ fd = open("/run/systemd/acpi-shutdown", O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR); ++ close(fd); ++ } + if (manager_is_inhibited(m, inhibit_key, INHIBIT_BLOCK, NULL, true, false, 0, NULL)) { + log_debug("Refusing operation, %s is inhibited.", inhibit_what_to_string(inhibit_key)); + return 0; +Index: systemd-210/src/login/logind-dbus.c +=================================================================== +--- systemd-210/src/login/logind-dbus.c ++++ systemd-210/src/login/logind-dbus.c +@@ -1469,9 +1469,11 @@ static int method_do_shutdown_or_sleep( + sd_bus_error *error) { + + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; +- bool multiple_sessions, blocked; ++ bool multiple_sessions, blocked, shutdown_through_acpi; + int interactive, r; + uid_t uid; ++ int fd; ++ struct stat buf; + + assert(m); + assert(message); +@@ -1515,7 +1517,17 @@ static int method_do_shutdown_or_sleep( + multiple_sessions = r > 0; + blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL); + +- if (multiple_sessions) { ++ fd = open ("/run/systemd/acpi-shutdown", O_NOFOLLOW|O_PATH|O_CLOEXEC); ++ if (fd >= 0) { ++ shutdown_through_acpi = ((fstat(fd,&buf) == 0) && (time(NULL) - buf.st_mtime <= 65)); ++ close(fd); ++ unlink ("/run/systemd/acpi-shutdown"); ++ } ++ else ++ shutdown_through_acpi = false; ++ ++ ++ if (multiple_sessions && !shutdown_through_acpi) { + r = bus_verify_polkit_async(m->bus, &m->polkit_registry, message, + action_multiple_sessions, interactive, error, method, m); + if (r < 0) +@@ -1524,7 +1536,7 @@ static int method_do_shutdown_or_sleep( + return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ + } + +- if (blocked) { ++ if (blocked && !shutdown_through_acpi) { + r = bus_verify_polkit_async(m->bus, &m->polkit_registry, message, + action_ignore_inhibit, interactive, error, method, m); + if (r < 0) +@@ -1533,7 +1545,7 @@ static int method_do_shutdown_or_sleep( + return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ + } + +- if (!multiple_sessions && !blocked) { ++ if (!multiple_sessions && !blocked && !shutdown_through_acpi) { + r = bus_verify_polkit_async(m->bus, &m->polkit_registry, message, + action, interactive, error, method, m); + if (r < 0) diff --git a/systemd-mini.spec b/systemd-mini.spec index 6088b6e6..4a3509bf 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -886,6 +886,8 @@ Patch427: 0004-shared-wtmp-utmp-don-t-clear-store_wtmp-in-utmp_put_.patch Patch428: 0005-shared-label.h-add-missing-stdio.h-include.patch # PATCH-FIX-UPSTREAM added at 2014/09/19 Patch429: 0006-shared-sparse-endian.h-add-missing-byteswap.h-includ.patch +# PATCH-FIX-SUSE BNC#888612 - AUDIT-0: Power button press at gdm login should not prompt for credentials +Patch430: 0001-bnc888612-logind-polkit-acpi.patch # UDEV PATCHES # ============ @@ -1655,6 +1657,7 @@ cp %{SOURCE7} m4/ %patch427 -p0 %patch428 -p0 %patch429 -p0 +%patch430 -p1 # udev patches %patch1001 -p1 diff --git a/systemd.changes b/systemd.changes index 080d4cc8..e3881cf0 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Sep 19 13:08:14 UTC 2014 - werner@suse.de + +- Add patch 0001-bnc888612-logind-polkit-acpi.patch from Frederic + to solve bnc#888612 - AUDIT-0: Power button press at gdm login + should not prompt for credentials + ------------------------------------------------------------------- Fri Sep 19 11:36:48 UTC 2014 - werner@suse.de diff --git a/systemd.spec b/systemd.spec index ff6c5bb2..7f58d45c 100644 --- a/systemd.spec +++ b/systemd.spec @@ -881,6 +881,8 @@ Patch427: 0004-shared-wtmp-utmp-don-t-clear-store_wtmp-in-utmp_put_.patch Patch428: 0005-shared-label.h-add-missing-stdio.h-include.patch # PATCH-FIX-UPSTREAM added at 2014/09/19 Patch429: 0006-shared-sparse-endian.h-add-missing-byteswap.h-includ.patch +# PATCH-FIX-SUSE AUDIT-0: Power button press at gdm login should not prompt for credentials (bnc#888612) +Patch430: 0001-bnc888612-logind-polkit-acpi.patch # UDEV PATCHES # ============ @@ -1650,6 +1652,7 @@ cp %{SOURCE7} m4/ %patch427 -p0 %patch428 -p0 %patch429 -p0 +%patch430 -p1 # udev patches %patch1001 -p1