From nobody@FreeBSD.org  Wed Jun 22 19:54:37 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8BA7A106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 22 Jun 2011 19:54:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 71BBD8FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 22 Jun 2011 19:54:37 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p5MJsbRI064623
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 22 Jun 2011 19:54:37 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p5MJsbwr064622;
	Wed, 22 Jun 2011 19:54:37 GMT
	(envelope-from nobody)
Message-Id: <201106221954.p5MJsbwr064622@red.freebsd.org>
Date: Wed, 22 Jun 2011 19:54:37 GMT
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: x11/gdm: fix call to setusercontext(3)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         158174
>Category:       ports
>Synopsis:       x11/gdm: fix call to setusercontext(3)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnome
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 22 20:00:20 UTC 2011
>Closed-Date:    Sat Jun 25 14:52:47 UTC 2011
>Last-Modified:  Sat Jun 25 15:00:17 UTC 2011
>Originator:     Edward Tomasz Napierala
>Release:        
>Organization:
>Environment:
>Description:
As it is now, the setusercontext(3) call in gdm is missing a few flags.  Attached patch fixes that by implicitly adding LOGIN_SETLOGINCLASS (neccessary for rctl resource limits), LOGIN_SETCPUMASK and LOGIN_SETMAC.  Note that I've not been able to test the MAC part.

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/x11/gdm/Makefile,v
retrieving revision 1.137
diff -u -r1.137 Makefile
--- Makefile	29 Mar 2011 13:40:09 -0000	1.137
+++ Makefile	22 Jun 2011 19:53:11 -0000
@@ -8,7 +8,7 @@
 
 PORTNAME=	gdm
 PORTVERSION=	2.30.5
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	x11 gnome
 MASTER_SITES=	GNOME
 DIST_SUBDIR=	gnome2
Index: files/patch-daemon_gdm-session-worker.c
===================================================================
RCS file: /home/pcvs/ports/x11/gdm/files/patch-daemon_gdm-session-worker.c,v
retrieving revision 1.4
diff -u -r1.4 patch-daemon_gdm-session-worker.c
--- files/patch-daemon_gdm-session-worker.c	29 Mar 2011 13:40:09 -0000	1.4
+++ files/patch-daemon_gdm-session-worker.c	22 Jun 2011 19:53:11 -0000
@@ -1,5 +1,5 @@
 --- daemon/gdm-session-worker.c.orig	2010-08-11 19:40:07.000000000 +0200
-+++ daemon/gdm-session-worker.c	2011-03-29 10:37:37.000000000 +0200
++++ daemon/gdm-session-worker.c	2011-06-22 21:44:30.000000000 +0200
 @@ -31,6 +31,9 @@
  #include <errno.h>
  #include <grp.h>
@@ -10,7 +10,7 @@
  
  #ifdef  HAVE_LOGINDEVPERM
  #include <libdevinfo.h>
-@@ -341,7 +344,7 @@ gdm_session_execute (const char *file,
+@@ -341,7 +344,7 @@
                           * what to search if PATH is unset. POSIX may, dunno.
                           */
  
@@ -19,7 +19,7 @@
                  }
  
                  len = strlen (file) + 1;
-@@ -1035,17 +1038,6 @@ gdm_cache_copy_file (GdmSessionWorker *w
+@@ -1035,17 +1038,6 @@
                                     error->message);
                          g_error_free (error);
                   } else {
@@ -37,7 +37,7 @@
                          g_debug ("Copy successful");
                  }
  
-@@ -1183,7 +1175,23 @@ gdm_session_worker_uninitialize_pam (Gdm
+@@ -1183,7 +1175,23 @@
                  return;
  
          if (worker->priv->state >= GDM_SESSION_WORKER_STATE_SESSION_OPENED) {
@@ -62,7 +62,7 @@
                  pam_close_session (worker->priv->pam_handle, 0);
                  gdm_session_auditor_report_logout (worker->priv->auditor);
  
-@@ -2027,15 +2035,16 @@ gdm_session_worker_start_user_session (G
+@@ -2027,15 +2035,16 @@
                  char  *cachedirname;
                  char  *home_dir;
                  int    fd;
@@ -83,16 +83,12 @@
  
                  if (setsid () < 0) {
                          g_debug ("GdmSessionWorker: could not set pid '%u' as leader of new session and process group - %s",
-@@ -2043,6 +2052,28 @@ gdm_session_worker_start_user_session (G
+@@ -2043,6 +2052,24 @@
                          _exit (2);
                  }
  
 +#ifdef HAVE_LOGINCAP
-+                if (setusercontext (NULL, pwent, pwent->pw_uid,
-+                            LOGIN_SETLOGIN | LOGIN_SETPATH |
-+                            LOGIN_SETPRIORITY | LOGIN_SETRESOURCES |
-+                            LOGIN_SETUMASK | LOGIN_SETUSER |
-+                            LOGIN_SETENV) < 0) {
++                if (setusercontext (NULL, pwent, pwent->pw_uid, LOGIN_SETALL & ~LOGIN_SETGROUP) < 0) {
 +                        g_debug ("%s: setusercontext () failed for %s. "
 +                                  "Aborting.", "gdm_session_worker_start_user_session",
 +                                login ? login : "(null)");


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->gnome 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Wed Jun 22 20:00:34 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158174 
State-Changed-From-To: open->feedback 
State-Changed-By: mezz 
State-Changed-When: Fri Jun 24 20:27:37 UTC 2011 
State-Changed-Why:  
It doesn't fix. It creates a bug. When I start GNOME with your patch and now 
I get this: http://people.freebsd.org/~mezz/gdm_pr158174.jpg 

Without your patch, GDM starts GNOME perfectly. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158174 
State-Changed-From-To: feedback->closed 
State-Changed-By: mezz 
State-Changed-When: Sat Jun 25 14:52:35 UTC 2011 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158174 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/158174: commit references a PR
Date: Sat, 25 Jun 2011 14:52:32 +0000 (UTC)

 mezz        2011-06-25 14:52:19 UTC
 
   FreeBSD ports repository
 
   Modified files:
     x11/gdm              Makefile 
     x11/gdm/files        patch-daemon_gdm-session-worker.c 
   Log:
   Before, the setusercontext(3) call in gdm is missing a few flags. Replace
   those LOGIN_* to LOGIN_SETALL to enable all but not LOGIN_SETGROUP. It fixes
   the rctl resource limits. Note that, the MAC framework is untest with it.
   Bump the PORTREVISION.
   
   PR:             ports/158174
   Submitted by:   trasz
   
   Revision  Changes    Path
   1.138     +1 -1      ports/x11/gdm/Makefile
   1.5       +8 -11     ports/x11/gdm/files/patch-daemon_gdm-session-worker.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
