Avoid SELinux context transition after prctl() call by using setpriv.

xrdp-0.9.2-sesman.patch

@@ -1,5 +1,5 @@
---- xrdp-0.9.1/sesman/sesman.ini.orig	2016-12-23 04:02:47.000000000 +1100
+--- xrdp-0.9.2-vanilla/sesman/sesman.ini	2017-02-20 18:11:37.000000000 +1100
-+++ xrdp-0.9.1/sesman/sesman.ini	2017-03-14 15:31:29.560167402 +1100
++++ xrdp-0.9.2/sesman/sesman.ini	2017-04-07 11:03:29.929069805 +1000
 @@ -3,7 +3,7 @@
  ListenPort=3350
  EnableUserWindowManager=true
@@ -9,7 +9,7 @@
  
  [Security]
  AllowRootLogin=true
-@@ -61,12 +61,12 @@
+@@ -54,12 +54,12 @@
  EnableSyslog=1
  SyslogLevel=DEBUG
  
@@ -28,3 +28,12 @@
  
  [Xvnc]
  param=Xvnc
+@@ -71,6 +71,8 @@
+ param=96
+ 
+ [Xorg]
++param=setpriv
++param=--no-new-privs
+ param=Xorg
+ param=-config
+ param=xrdp/xorg.conf

xrdp.spec

@@ -4,7 +4,7 @@ Summary:   Open source remote desktop protocol (RDP) server
 Name:      xrdp
 Epoch:     1
 Version:   0.9.2
-Release:   3%{?dist}
+Release:   4%{?dist}
 License:   ASL 2.0
 Group:     Applications/Internet
 URL:       http://www.xrdp.org/
@@ -34,6 +34,7 @@ Requires: tigervnc-server-minimal
 # xorgxrdp is another back end (small, so require it too)
 Requires: xorgxrdp
 Requires: xorg-x11-xinit
+Requires: util-linux
 
 Requires(post): systemd
 Requires(post): systemd-sysv
@@ -62,6 +63,8 @@ echo '#!/bin/bash -l
 . %{_sysconfdir}/xrdp/startwm.sh' > sesman/startwm-bash.sh
 
 %build
+# Do not detect prctl.h
+export ac_cv_header_sys_prctl_h=no
 %configure --enable-fuse --enable-pixman --enable-painter
 %make_build
 
@@ -189,6 +192,9 @@ chmod 400 %{_sysconfdir}/xrdp/key.pem
 %{_libdir}/pkgconfig/rfxcodec.pc
 
 %changelog
+* Fri Apr  7 2017 Bojan Smojver <bojan@rexurive.com> - 1:0.9.2-4
+- Do not call prctl() from xrdp, use setpriv instead
+
 * Tue Apr  4 2017 Bojan Smojver <bojan@rexurive.com> - 1:0.9.2-3
 - Do not attempt xrdp restarts, may cause dnf transaction problems
 - Stop depending on Xorg server, xorgxrdp already does