From c248a7d1efdc85d9dc805ab7bb469311c4aea2ed Mon Sep 17 00:00:00 2001 From: Bojan Smojver Date: Fri, 7 Apr 2017 14:13:47 +1000 Subject: [PATCH] Avoid SELinux context transition after prctl() call by using setpriv. --- ...-0.9.1-sesman.patch => xrdp-0.9.2-sesman.patch | 15 ++++++++++++--- xrdp.spec | 8 +++++++- 2 files changed, 19 insertions(+), 4 deletions(-) rename xrdp-0.9.1-sesman.patch => xrdp-0.9.2-sesman.patch (58%) diff --git a/xrdp-0.9.1-sesman.patch b/xrdp-0.9.2-sesman.patch similarity index 58% rename from xrdp-0.9.1-sesman.patch rename to xrdp-0.9.2-sesman.patch index d92ec07..571e56f 100644 --- a/xrdp-0.9.1-sesman.patch +++ b/xrdp-0.9.2-sesman.patch @@ -1,5 +1,5 @@ ---- xrdp-0.9.1/sesman/sesman.ini.orig 2016-12-23 04:02:47.000000000 +1100 -+++ xrdp-0.9.1/sesman/sesman.ini 2017-03-14 15:31:29.560167402 +1100 +--- xrdp-0.9.2-vanilla/sesman/sesman.ini 2017-02-20 18:11:37.000000000 +1100 ++++ xrdp-0.9.2/sesman/sesman.ini 2017-04-07 11:03:29.929069805 +1000 @@ -3,7 +3,7 @@ ListenPort=3350 EnableUserWindowManager=true @@ -9,7 +9,7 @@ [Security] AllowRootLogin=true -@@ -61,12 +61,12 @@ +@@ -54,12 +54,12 @@ EnableSyslog=1 SyslogLevel=DEBUG @@ -28,3 +28,12 @@ [Xvnc] param=Xvnc +@@ -71,6 +71,8 @@ + param=96 + + [Xorg] ++param=setpriv ++param=--no-new-privs + param=Xorg + param=-config + param=xrdp/xorg.conf diff --git a/xrdp.spec b/xrdp.spec index b8c8657..f06e858 100644 --- a/xrdp.spec +++ b/xrdp.spec @@ -4,7 +4,7 @@ Summary: Open source remote desktop protocol (RDP) server Name: xrdp Epoch: 1 Version: 0.9.2 -Release: 3%{?dist} +Release: 4%{?dist} License: ASL 2.0 Group: Applications/Internet URL: http://www.xrdp.org/ @@ -34,6 +34,7 @@ Requires: tigervnc-server-minimal # xorgxrdp is another back end (small, so require it too) Requires: xorgxrdp Requires: xorg-x11-xinit +Requires: util-linux Requires(post): systemd Requires(post): systemd-sysv 
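Review bot: The two lines added at the top of `[Xorg]` make the no-new-privileges guarantee for the X server depend solely on an admin-editable sesman.ini, because the `%build` change in xrdp.spec compiles out the in-process prctl() call. If an installed sesman.ini is preserved on upgrade (likely if it is packaged as a noreplace config file, which is not visible here) or someone later trims the `[Xorg]` params, Xorg would start without the flag and nothing would report it. I would add a comment line directly above them, `; setpriv --no-new-privs replaces the prctl() call compiled out of xrdp - keep these two lines first`, and mention the manual sesman.ini merge in the changelog entry. The `[Xorg]` section continues past the end of this hunk.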
@@ -62,6 +63,8 @@ echo '#!/bin/bash -l . %{_sysconfdir}/xrdp/startwm.sh' > sesman/startwm-bash.sh %build +# Do not detect prctl.h +export ac_cv_header_sys_prctl_h=no %configure --enable-fuse --enable-pixman --enable-painter %make_build @@ -189,6 +192,9 @@ chmod 400 %{_sysconfdir}/xrdp/key.pem %{_libdir}/pkgconfig/rfxcodec.pc %changelog +* Fri Apr 7 2017 Bojan Smojver - 1:0.9.2-4 +- Do not call prctl() from xrdp, use setpriv instead + * Tue Apr 4 2017 Bojan Smojver - 1:0.9.2-3 - Do not attempt xrdp restarts, may cause dnf transaction problems - Stop depending on Xorg server, xorgxrdp already does
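Review bot: `export ac_cv_header_sys_prctl_h=no` in `%build` disables every code path in the tree that is guarded by that header check, not only the one call this commit targets, and the comment `# Do not detect prctl.h` does not say why. Any other guarded use of prctl() would be dropped silently, now or after a rebase onto a newer upstream release. I would expand the comment to `# Hide sys/prctl.h from configure so xrdp does not call prctl() itself (SELinux context transition after the call); Xorg is started via setpriv --no-new-privs from sesman.ini`. I would also re-check the source for other users of the header check on each version bump.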