forked from pool/systemd
- Update fixppc.patch with upstream patches
- Add comments from upstream in 0001-util-never-follow-symlinks-in-rm_rf_children.patch. - Add logind-logout.patch: it should fix sudo / su with pam_systemd (bnc#746704). OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=263
This commit is contained in:
parent
729f3c2839
commit
b3750d1f49
@ -30,3 +30,30 @@ index 20cbc2b..dfc1dc6 100644
|
|||||||
--
|
--
|
||||||
1.7.7
|
1.7.7
|
||||||
|
|
||||||
|
From c9d8629baa09f853fbcc44972c9748e70562270c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Thu, 22 Mar 2012 01:43:36 +0100
|
||||||
|
Subject: [PATCH] logind: extend comment about X11 socket symlink
|
||||||
|
|
||||||
|
---
|
||||||
|
src/login/logind-session.c | 4 ++++
|
||||||
|
1 files changed, 4 insertions(+), 0 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
|
||||||
|
index af9c12d..4e0af86 100644
|
||||||
|
--- a/src/login/logind-session.c
|
||||||
|
+++ b/src/login/logind-session.c
|
||||||
|
@@ -391,6 +391,10 @@ static int session_link_x11_socket(Session *s) {
|
||||||
|
return -ENOENT;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Note that this cannot be in a subdir to avoid
|
||||||
|
+ * vulnerabilities since we are privileged but the runtime
|
||||||
|
+ * path is owned by the user */
|
||||||
|
+
|
||||||
|
t = strappend(s->user->runtime_path, "/X11-display");
|
||||||
|
if (!t) {
|
||||||
|
log_error("Out of memory");
|
||||||
|
--
|
||||||
|
1.7.7
|
||||||
|
|
||||||
|
73
fixppc.patch
73
fixppc.patch
@ -1,3 +1,60 @@
|
|||||||
|
From 7264278fbbdc1dc6c30fedc902d1337594aa6ff6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Wed, 21 Mar 2012 23:47:44 +0100
|
||||||
|
Subject: [PATCH] journal: PAGE_SIZE is not known on ppc and other archs
|
||||||
|
|
||||||
|
Let's use NAME_MAX, as suggested by Dan Walsh
|
||||||
|
---
|
||||||
|
src/journal/journald.c | 15 ++++++++++++---
|
||||||
|
1 files changed, 12 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/journal/journald.c b/src/journal/journald.c
|
||||||
|
index d27cb60..87390bd 100644
|
||||||
|
--- a/src/journal/journald.c
|
||||||
|
+++ b/src/journal/journald.c
|
||||||
|
@@ -29,7 +29,6 @@
|
||||||
|
#include <sys/ioctl.h>
|
||||||
|
#include <linux/sockios.h>
|
||||||
|
#include <sys/statvfs.h>
|
||||||
|
-#include <sys/user.h>
|
||||||
|
|
||||||
|
#include <systemd/sd-journal.h>
|
||||||
|
#include <systemd/sd-login.h>
|
||||||
|
@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) {
|
||||||
|
size_t label_len = 0;
|
||||||
|
union {
|
||||||
|
struct cmsghdr cmsghdr;
|
||||||
|
+
|
||||||
|
+ /* We use NAME_MAX space for the
|
||||||
|
+ * SELinux label here. The kernel
|
||||||
|
+ * currently enforces no limit, but
|
||||||
|
+ * according to suggestions from the
|
||||||
|
+ * SELinux people this will change and
|
||||||
|
+ * it will probably be identical to
|
||||||
|
+ * NAME_MAX. For now we use that, but
|
||||||
|
+ * this should be updated one day when
|
||||||
|
+ * the final limit is known.*/
|
||||||
|
uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
|
||||||
|
CMSG_SPACE(sizeof(struct timeval)) +
|
||||||
|
- CMSG_SPACE(sizeof(int)) +
|
||||||
|
- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */
|
||||||
|
+ CMSG_SPACE(sizeof(int)) + /* fd */
|
||||||
|
+ CMSG_SPACE(NAME_MAX)]; /* selinux label */
|
||||||
|
} control;
|
||||||
|
ssize_t n;
|
||||||
|
int v;
|
||||||
|
--
|
||||||
|
1.7.7
|
||||||
|
|
||||||
|
From dd1e3d5a396284d1afdb2828991a543eb80c8040 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frederic Crozat <fcrozat@suse.com>
|
||||||
|
Date: Thu, 22 Mar 2012 09:39:54 +0100
|
||||||
|
Subject: [PATCH] journal: char is unsigned on ppc, use int8_t instead.
|
||||||
|
|
||||||
|
---
|
||||||
|
src/journal/cat.c | 2 +-
|
||||||
|
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/journal/cat.c b/src/journal/cat.c
|
diff --git a/src/journal/cat.c b/src/journal/cat.c
|
||||||
index 31d76f3..8a51fb7 100644
|
index 31d76f3..8a51fb7 100644
|
||||||
--- a/src/journal/cat.c
|
--- a/src/journal/cat.c
|
||||||
@ -11,16 +68,6 @@ index 31d76f3..8a51fb7 100644
|
|||||||
static bool arg_level_prefix = true;
|
static bool arg_level_prefix = true;
|
||||||
|
|
||||||
static int help(void) {
|
static int help(void) {
|
||||||
diff --git a/src/journal/journald.c b/src/journal/journald.c
|
--
|
||||||
index baad3ab..1899ad6 100644
|
1.7.7
|
||||||
--- a/src/journal/journald.c
|
|
||||||
+++ b/src/journal/journald.c
|
|
||||||
@@ -2144,7 +2144,7 @@ static int process_event(Server *s, struct epoll_event *ev) {
|
|
||||||
uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
|
|
||||||
CMSG_SPACE(sizeof(struct timeval)) +
|
|
||||||
CMSG_SPACE(sizeof(int)) +
|
|
||||||
- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */
|
|
||||||
+ CMSG_SPACE(PATH_MAX)]; /* selinux label */
|
|
||||||
} control;
|
|
||||||
ssize_t n;
|
|
||||||
int v;
|
|
||||||
|
156
logind-logout.patch
Normal file
156
logind-logout.patch
Normal file
@ -0,0 +1,156 @@
|
|||||||
|
From 75c8e3cffd7da8eede614cf61384957af2c82a29 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Thu, 22 Mar 2012 02:06:40 +0100
|
||||||
|
Subject: [PATCH] logind: close FIFO before ending sessions cleanly
|
||||||
|
|
||||||
|
For clean session endings ask logind explicitly to get rid of the FIFO
|
||||||
|
before closing it so that the FIFO logic doesn't result in su/sudo to be
|
||||||
|
terminated immediately.
|
||||||
|
---
|
||||||
|
src/login/logind-dbus.c | 30 ++++++++++++++++++++
|
||||||
|
src/login/pam-module.c | 71 +++++++++++++++++++++++++++++++++++++++++++++--
|
||||||
|
2 files changed, 98 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
|
||||||
|
index d8f4d89..ea6b89f 100644
|
||||||
|
--- a/src/login/logind-dbus.c
|
||||||
|
+++ b/src/login/logind-dbus.c
|
||||||
|
@@ -80,6 +80,9 @@
|
||||||
|
" <arg name=\"seat\" type=\"s\" direction=\"out\"/>\n" \
|
||||||
|
" <arg name=\"vtnr\" type=\"u\" direction=\"out\"/>\n" \
|
||||||
|
" </method>\n" \
|
||||||
|
+ " <method name=\"ReleaseSession\">\n" \
|
||||||
|
+ " <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
|
||||||
|
+ " </method>\n" \
|
||||||
|
" <method name=\"ActivateSession\">\n" \
|
||||||
|
" <arg name=\"id\" type=\"s\" direction=\"in\"/>\n" \
|
||||||
|
" </method>\n" \
|
||||||
|
@@ -1075,6 +1078,33 @@ static DBusHandlerResult manager_message_handler(
|
||||||
|
if (r < 0)
|
||||||
|
return bus_send_error_reply(connection, message, &error, r);
|
||||||
|
|
||||||
|
+ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ReleaseSession")) {
|
||||||
|
+ const char *name;
|
||||||
|
+ Session *session;
|
||||||
|
+
|
||||||
|
+ if (!dbus_message_get_args(
|
||||||
|
+ message,
|
||||||
|
+ &error,
|
||||||
|
+ DBUS_TYPE_STRING, &name,
|
||||||
|
+ DBUS_TYPE_INVALID))
|
||||||
|
+ return bus_send_error_reply(connection, message, &error, -EINVAL);
|
||||||
|
+
|
||||||
|
+ session = hashmap_get(m->sessions, name);
|
||||||
|
+ if (!session)
|
||||||
|
+ return bus_send_error_reply(connection, message, &error, -ENOENT);
|
||||||
|
+
|
||||||
|
+ /* We use the FIFO to detect stray sessions where the
|
||||||
|
+ process invoking PAM dies abnormally. We need to make
|
||||||
|
+ sure that that process is not killed if at the clean
|
||||||
|
+ end of the session it closes the FIFO. Hence, with
|
||||||
|
+ this call explicitly turn off the FIFO logic, so that
|
||||||
|
+ the PAM code can finish clean up on its own */
|
||||||
|
+ session_remove_fifo(session);
|
||||||
|
+
|
||||||
|
+ reply = dbus_message_new_method_return(message);
|
||||||
|
+ if (!reply)
|
||||||
|
+ goto oom;
|
||||||
|
+
|
||||||
|
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ActivateSession")) {
|
||||||
|
const char *name;
|
||||||
|
Session *session;
|
||||||
|
diff --git a/src/login/pam-module.c b/src/login/pam-module.c
|
||||||
|
index 8544413..4106d2b 100644
|
||||||
|
--- a/src/login/pam-module.c
|
||||||
|
+++ b/src/login/pam-module.c
|
||||||
|
@@ -414,7 +414,6 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||||
|
"/org/freedesktop/login1",
|
||||||
|
"org.freedesktop.login1.Manager",
|
||||||
|
"CreateSession");
|
||||||
|
-
|
||||||
|
if (!m) {
|
||||||
|
pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
|
||||||
|
r = PAM_BUF_ERR;
|
||||||
|
@@ -620,11 +619,77 @@ _public_ PAM_EXTERN int pam_sm_close_session(
|
||||||
|
int argc, const char **argv) {
|
||||||
|
|
||||||
|
const void *p = NULL;
|
||||||
|
+ const char *id;
|
||||||
|
+ DBusConnection *bus = NULL;
|
||||||
|
+ DBusMessage *m = NULL, *reply = NULL;
|
||||||
|
+ DBusError error;
|
||||||
|
+ int r;
|
||||||
|
|
||||||
|
- pam_get_data(handle, "systemd.session-fd", &p);
|
||||||
|
+ assert(handle);
|
||||||
|
+
|
||||||
|
+ dbus_error_init(&error);
|
||||||
|
+
|
||||||
|
+ id = pam_getenv(handle, "XDG_SESSION_ID");
|
||||||
|
+ if (id) {
|
||||||
|
+
|
||||||
|
+ /* Before we go and close the FIFO we need to tell
|
||||||
|
+ * logind that this is a clean session shutdown, so
|
||||||
|
+ * that it doesn't just go and slaughter us
|
||||||
|
+ * immediately after closing the fd */
|
||||||
|
+
|
||||||
|
+ bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
|
||||||
|
+ if (!bus) {
|
||||||
|
+ pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
|
||||||
|
+ r = PAM_SESSION_ERR;
|
||||||
|
+ goto finish;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ m = dbus_message_new_method_call(
|
||||||
|
+ "org.freedesktop.login1",
|
||||||
|
+ "/org/freedesktop/login1",
|
||||||
|
+ "org.freedesktop.login1.Manager",
|
||||||
|
+ "ReleaseSession");
|
||||||
|
+ if (!m) {
|
||||||
|
+ pam_syslog(handle, LOG_ERR, "Could not allocate release session message.");
|
||||||
|
+ r = PAM_BUF_ERR;
|
||||||
|
+ goto finish;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!dbus_message_append_args(m,
|
||||||
|
+ DBUS_TYPE_STRING, &id,
|
||||||
|
+ DBUS_TYPE_INVALID)) {
|
||||||
|
+ pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
|
||||||
|
+ r = PAM_BUF_ERR;
|
||||||
|
+ goto finish;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
+ reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
|
||||||
|
+ if (!reply) {
|
||||||
|
+ pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error));
|
||||||
|
+ r = PAM_SESSION_ERR;
|
||||||
|
+ goto finish;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ r = PAM_SUCCESS;
|
||||||
|
+
|
||||||
|
+finish:
|
||||||
|
+ pam_get_data(handle, "systemd.session-fd", &p);
|
||||||
|
if (p)
|
||||||
|
close_nointr(PTR_TO_INT(p) - 1);
|
||||||
|
|
||||||
|
- return PAM_SUCCESS;
|
||||||
|
+ dbus_error_free(&error);
|
||||||
|
+
|
||||||
|
+ if (bus) {
|
||||||
|
+ dbus_connection_close(bus);
|
||||||
|
+ dbus_connection_unref(bus);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (m)
|
||||||
|
+ dbus_message_unref(m);
|
||||||
|
+
|
||||||
|
+ if (reply)
|
||||||
|
+ dbus_message_unref(reply);
|
||||||
|
+
|
||||||
|
+ return r;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.7.7
|
||||||
|
|
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 22 08:47:36 UTC 2012 - fcrozat@suse.com
|
||||||
|
|
||||||
|
- Update fixppc.patch with upstream patches
|
||||||
|
- Add comments from upstream in
|
||||||
|
0001-util-never-follow-symlinks-in-rm_rf_children.patch.
|
||||||
|
- Add logind-logout.patch: it should fix sudo / su with pam_systemd
|
||||||
|
(bnc#746704).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com
|
Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com
|
||||||
|
|
||||||
|
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 22 08:47:36 UTC 2012 - fcrozat@suse.com
|
||||||
|
|
||||||
|
- Update fixppc.patch with upstream patches
|
||||||
|
- Add comments from upstream in
|
||||||
|
0001-util-never-follow-symlinks-in-rm_rf_children.patch.
|
||||||
|
- Add logind-logout.patch: it should fix sudo / su with pam_systemd
|
||||||
|
(bnc#746704).
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com
|
Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com
|
||||||
|
|
||||||
|
@ -82,13 +82,14 @@ Patch36: sysctl-modules.patch
|
|||||||
Patch38: dm-lvm-after-local-fs-pre-target.patch
|
Patch38: dm-lvm-after-local-fs-pre-target.patch
|
||||||
Patch39: correct_plymouth_paths_and_conflicts.patch
|
Patch39: correct_plymouth_paths_and_conflicts.patch
|
||||||
Patch41: 0001-add-sparse-support-to-detect-endianness-bug.patch
|
Patch41: 0001-add-sparse-support-to-detect-endianness-bug.patch
|
||||||
Patch42: fixppc.patch
|
|
||||||
|
|
||||||
# Upstream First - Policy:
|
# Upstream First - Policy:
|
||||||
# Never add any patches to this package without the upstream commit id
|
# Never add any patches to this package without the upstream commit id
|
||||||
# in the patch. Any patches added here without a very good reason to make
|
# in the patch. Any patches added here without a very good reason to make
|
||||||
# an exception will be silently removed with the next version update.
|
# an exception will be silently removed with the next version update.
|
||||||
Patch40: 0001-util-never-follow-symlinks-in-rm_rf_children.patch
|
Patch40: 0001-util-never-follow-symlinks-in-rm_rf_children.patch
|
||||||
|
Patch42: fixppc.patch
|
||||||
|
Patch43: logind-logout.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Systemd is a system and service manager, compatible with SysV and LSB
|
Systemd is a system and service manager, compatible with SysV and LSB
|
||||||
@ -150,6 +151,7 @@ Plymouth integration for systemd
|
|||||||
%patch40 -p1
|
%patch40 -p1
|
||||||
%patch41 -p1
|
%patch41 -p1
|
||||||
%patch42 -p1
|
%patch42 -p1
|
||||||
|
%patch43 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -fiv
|
autoreconf -fiv
|
||||||
|
Loading…
Reference in New Issue
Block a user