rpms/gdm/devel gdm-2.19.6-selinux.patch, NONE, 1.1 gdm-autologin-pam, 1.1, 1.2 gdm-pam, 1.2, 1.3 gdm.spec, 1.277, 1.278

Ray Strode (rstrode) fedora-extras-commits at redhat.com
Fri Aug 24 15:33:39 UTC 2007


Author: rstrode

Update of /cvs/pkgs/rpms/gdm/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17796

Modified Files:
	gdm-autologin-pam gdm-pam gdm.spec 
Added Files:
	gdm-2.19.6-selinux.patch 
Log Message:
- use pam_selinux instead of home grown selinux code (bug 254164)


gdm-2.19.6-selinux.patch:

--- NEW FILE gdm-2.19.6-selinux.patch ---
diff -up gdm-2.19.6/configure.ac.selinux gdm-2.19.6/configure.ac
--- gdm-2.19.6/configure.ac.selinux	2007-08-24 11:25:38.000000000 -0400
+++ gdm-2.19.6/configure.ac	2007-08-24 11:25:54.000000000 -0400
@@ -72,8 +72,6 @@ AC_ARG_WITH(dmx,
   [  --with-dmx=[auto/yes/no]  Add DMX (Distributed Multihead X) support [default=auto]],,
   with_dmx=auto)
 
-AC_ARG_WITH(selinux, [  --with-selinux  Add SELinux support])
-
 AC_ARG_WITH(console-kit,
   [  --with-console-kit=[auto/yes/no]  Add ConsoleKit support [default=auto]],,
   with_console_kit=auto)
@@ -805,30 +803,6 @@ fi
 
 
 #
-# SELinux stuff
-#
-if test "x$with_selinux" = "xyes" ; then
-	echo "SELinux support requested (--with-selinux was given), checking prerequisites"
-	if test -d /usr/local/selinux/include ; then
-		echo "Found /usr/local/selinux/include, will look there for SELinux stuff as well"
-		CFLAGS="$CFLAGS -I/usr/local/selinux/include"
-		LDFLAGS="$LDFLAGS -L/usr/local/selinux/lib"
-	fi
-	AC_CHECK_HEADER(selinux/selinux.h)
-	AC_CHECK_HEADER(selinux/get_context_list.h)
-	AC_CHECK_LIB(attr,attr_get,/bin/true)
-	# I'm anal and I don't know which versions have which symbols,
-	# so I check for all the ones we use
-	AC_CHECK_LIB(selinux,get_ordered_context_list,/bin/true)
-	AC_CHECK_LIB(selinux,freecon,/bin/true)
-	AC_CHECK_LIB(selinux,freeconary,/bin/true)
-	AC_CHECK_LIB(selinux,setexeccon,/bin/true)
-	AC_CHECK_LIB(selinux,is_selinux_enabled,/bin/true)
-	AC_DEFINE(HAVE_SELINUX)
-	EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -lselinux -lattr"
-fi
-
-#
 # ConsoleKit support
 #
 use_console_kit=no
@@ -1447,13 +1421,6 @@ else
 	echo "Console helper                        : NO"
 fi
 
-dnl <= SELinux support =>
-if test "x$with_selinux" = "xyes" ; then
-	echo "SELinux support                       : YES"
-else
-	echo "SELinux support                       : NO"
-fi
-
 dnl <= Solaris Trusted Extensions support =>
 if test "x$found_tsol" = "xyes" ; then
 	echo "Solaris Trusted Extensions support    : YES"
diff -up gdm-2.19.6/daemon/slave.c.selinux gdm-2.19.6/daemon/slave.c
--- gdm-2.19.6/daemon/slave.c.selinux	2007-08-24 11:24:34.000000000 -0400
+++ gdm-2.19.6/daemon/slave.c	2007-08-24 11:24:52.000000000 -0400
@@ -87,11 +87,6 @@
 #include <user_attr.h>
 #endif
 
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#include <selinux/get_context_list.h>
-#endif /* HAVE_SELINUX */
-
 #include <glib/gi18n.h>
 #include <gdk/gdkx.h>
 #include <gtk/gtk.h>
@@ -3521,48 +3516,6 @@ open_xsession_errors (struct passwd *pwe
 	return logfd;
 }
 
-#ifdef HAVE_SELINUX
-/* This should be run just before we exec the user session */
-static gboolean
-gdm_selinux_setup (const char *login)
-{
-	security_context_t scontext;
-	int ret=-1;
-	char *seuser=NULL;
-	char *level=NULL;
-
-	/* If selinux is not enabled, then we don't do anything */
-	if (is_selinux_enabled () <= 0)
-		return TRUE;
-
-	if (getseuserbyname(login, &seuser, &level) == 0)
-		ret=get_default_context_with_level(seuser, level, 0, &scontext);
-
-	if (ret < 0) {
-		gdm_error ("SELinux gdm login: unable to obtain default security context for %s.", login);
-		/* note that this will be run when the .xsession-errors
-		   is already being logged, so we can use stderr */
-		gdm_fdprintf (2, "SELinux gdm login: unable to obtain default security context for %s.", login);
- 		return (security_getenforce()==0);
-	}
-
-	gdm_assert (scontext != NULL);
-
-	if (setexeccon (scontext) != 0) {
-		gdm_error ("SELinux gdm login: unable to set executable context %s.",
-			   (char *)scontext);
-		gdm_fdprintf (2, "SELinux gdm login: unable to set executable context %s.",
-			      (char *)scontext);
-		freecon (scontext);
-		return (security_getenforce()==0);
-	}
-
-	freecon (scontext);
-
-	return TRUE;
-}
-#endif /* HAVE_SELINUX */
-
 static void
 session_child_run (struct passwd *pwent,
 		   int logfd,
@@ -4048,16 +4001,6 @@ session_child_run (struct passwd *pwent,
 	}
 #endif
 
-#ifdef HAVE_SELINUX
-	if ( ! gdm_selinux_setup (pwent->pw_name)) {
-		/* 66 means no "session crashed" examine .xsession-errors
-		   dialog */
-		gdm_errorgui_error_box (d, GTK_MESSAGE_ERROR,
-			       _("Error! Unable to set executable context."));
-		_exit (66);
-	}
-#endif
-
         g_shell_parse_argv (fullexec->str, NULL, &argv, NULL);
 	VE_IGNORE_EINTR (execv (argv[0], argv));
 	g_strfreev (argv);


Index: gdm-autologin-pam
===================================================================
RCS file: /cvs/pkgs/rpms/gdm/devel/gdm-autologin-pam,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- gdm-autologin-pam	3 Aug 2006 22:57:46 -0000	1.1
+++ gdm-autologin-pam	24 Aug 2007 15:33:07 -0000	1.2
@@ -4,7 +4,9 @@
 account    required    pam_nologin.so
 account    include     system-auth
 password   include     system-auth
+session    required    pam_selinux.so close
 session    optional    pam_keyinit.so force revoke
 session    include     system-auth
 session    required    pam_loginuid.so
 session    optional    pam_console.so
+session    required    pam_selinux.so open
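Review bot: The two added `pam_selinux.so` lines only work as intended in their current positions (`close` as the first session rule, `open` after `pam_console.so`), and nothing in the file records that, so a later edit that inserts a module around them could change which context that module runs under. I would add a comment above each, for example `# pam_selinux.so close must stay the first session rule` and `# pam_selinux.so open must only be followed by modules meant to run in the user context`. The same applies to the gdm-pam hunk, where `pam_gnome_keyring.so` already follows `open`; a comment there should say whether that placement is intended. Since this commit also removes the in-daemon check from slave.c, these `required` lines appear to be the only place the session context is set, so it is worth confirming that a pam_selinux failure in enforcing mode still stops the session from starting.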


Index: gdm-pam
===================================================================
RCS file: /cvs/pkgs/rpms/gdm/devel/gdm-pam,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- gdm-pam	30 Jul 2007 17:57:36 -0000	1.2
+++ gdm-pam	24 Aug 2007 15:33:07 -0000	1.3
@@ -5,9 +5,11 @@
 account    required    pam_nologin.so
 account    include     system-auth
 password   include     system-auth
+session    required    pam_selinux.so close
 session    optional    pam_keyinit.so force revoke
 session    include     system-auth
 session    required    pam_loginuid.so
 session    optional    pam_console.so
+session    required    pam_selinux.so open
 session    optional    pam_gnome_keyring.so
 


Index: gdm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.277
retrieving revision 1.278
diff -u -r1.277 -r1.278
--- gdm.spec	22 Aug 2007 20:51:22 -0000	1.277
+++ gdm.spec	24 Aug 2007 15:33:07 -0000	1.278
@@ -1,5 +1,4 @@
 
-%define libselinuxver 1.27.7
 %define libauditver 1.0.6
 %define pango_version 1.2.0
 %define gtk2_version 2.6.0
@@ -17,7 +16,7 @@
 Summary: The GNOME Display Manager
 Name: gdm
 Version: 2.19.6
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: User Interface/X
@@ -56,6 +55,9 @@
 # http://bugzilla.gnome.org/show_bug.cgi?id=467335
 Patch36: gdm-2.19.5-disable-typeahead.patch
 
+# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=254164
+Patch37: gdm-2.19.6-selinux.patch
+
 Patch100: gdm-2.19.6-change-defaults.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
@@ -101,7 +103,6 @@
 BuildRequires: gettext 
 BuildRequires: gnome-doc-utils
 BuildRequires: libdmx-devel
-BuildRequires: libselinux-devel >= %{libselinuxver}
 BuildRequires: audit-libs-devel >= %{libauditver}
 BuildRequires: intltool
 %ifnarch s390 s390x ppc64
@@ -109,7 +110,6 @@
 %endif
 BuildRequires: nss-devel >= %{nss_version}
 BuildRequires: ConsoleKit
-Requires: libselinux >= %{libselinuxver}
 Requires: audit-libs >= %{libauditver}
 
 %description
@@ -140,6 +140,7 @@
 %patch33 -p1 -b .pass-ats-to-session
 %patch35 -p1 -b .gdmsetup-path
 %patch36 -p1 -b .disable-typeahead
+%patch37 -p1 -b .selinux
 
 %patch100 -p1 -b .change-defaults
 
@@ -157,7 +158,6 @@
 %configure --with-pam-prefix=%{_sysconfdir} \
 	   --enable-console-helper \
 	   --disable-scrollkeeper  \
-	   --with-selinux \
 	   --with-console-kit
 make
 
@@ -355,6 +355,9 @@
 %{_datadir}/pixmaps/faces/extras/*.jpg
 
 %changelog
+* Fri Aug 24 2007 Ray Strode <rstrode at redhat.com> - 1:2.19.6-5
+- use pam_selinux instead of home grown selinux code (bug 254164)
+
 * Wed Aug 22 2007 Kristian Høgsberg <krh at redhat.com> - 1:2.19.6-4
 - Pass -br to the default X server too.
 



