gdm/0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch

From 798a1ad79bdb937c4b0c9008562cd543acaf3206 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 27 Mar 2015 10:10:54 -0400
Subject: [PATCH] gdm-x-session: set XORG_RUN_AS_USER_OK=1 environment variable

This lets the X server know that it can safely drop privileges.

https://bugzilla.gnome.org/show_bug.cgi?id=746891
---
 daemon/gdm-x-session.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c
index dfd6016..3cc7d40 100644
--- a/daemon/gdm-x-session.c
+++ b/daemon/gdm-x-session.c
@@ -195,60 +195,61 @@ spawn_x_server (State        *state,
 {
         GPtrArray           *arguments = NULL;
         GSubprocessLauncher *launcher = NULL;
         GSubprocess         *subprocess = NULL;
         GInputStream        *input_stream = NULL;
         GDataInputStream    *data_stream = NULL;
         GError              *error = NULL;
 
         char     *auth_file;
         gboolean  is_running = FALSE;
         int       ret;
         int       pipe_fds[2];
         char     *display_fd_string = NULL;
         char     *vt_string = NULL;
         char     *display_number;
         gsize     display_number_size;
 
         auth_file = prepare_auth_file ();
 
         g_debug ("Running X server");
 
         ret = g_unix_open_pipe (pipe_fds, FD_CLOEXEC, &error);
 
         if (!ret) {
                 g_debug ("could not open pipe: %s", error->message);
                 goto out;
         }
 
         arguments = g_ptr_array_new ();
         launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_STDIN_INHERIT);
+        g_subprocess_launcher_setenv (launcher, "XORG_RUN_AS_USER_OK", "1", TRUE);
         g_subprocess_launcher_take_fd (launcher, pipe_fds[1], DISPLAY_FILENO);
 
         if (g_getenv ("XDG_VTNR") != NULL) {
                 int vt;
 
                 vt = atoi (g_getenv ("XDG_VTNR"));
 
                 if (vt > 0 && vt < 64) {
                         vt_string = g_strdup_printf ("vt%d", vt);
                 }
         }
 
         display_fd_string = g_strdup_printf ("%d", DISPLAY_FILENO);
 
         g_ptr_array_add (arguments, X_SERVER);
 
         if (vt_string != NULL) {
                 g_ptr_array_add (arguments, vt_string);
         }
 
         g_ptr_array_add (arguments, "-displayfd");
         g_ptr_array_add (arguments, display_fd_string);
 
         g_ptr_array_add (arguments, "-auth");
         g_ptr_array_add (arguments, auth_file);
 
         if (!allow_remote_connections) {
                 g_ptr_array_add (arguments, "-nolisten");
                 g_ptr_array_add (arguments, "tcp");
         }
-- 
2.3.3
- set XORG_RUN_AS_USER_OK in environment 2015-03-27 14:18:01 +00:00			`From 798a1ad79bdb937c4b0c9008562cd543acaf3206 Mon Sep 17 00:00:00 2001`
			`From: Ray Strode <rstrode@redhat.com>`
			`Date: Fri, 27 Mar 2015 10:10:54 -0400`
			`Subject: [PATCH] gdm-x-session: set XORG_RUN_AS_USER_OK=1 environment variable`

			`This lets the X server know that it can safely drop privileges.`

			`https://bugzilla.gnome.org/show_bug.cgi?id=746891`
			`---`
			`daemon/gdm-x-session.c \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c`
			`index dfd6016..3cc7d40 100644`
			`--- a/daemon/gdm-x-session.c`
			`+++ b/daemon/gdm-x-session.c`
			`@@ -195,60 +195,61 @@ spawn_x_server (State *state,`
			`{`
			`GPtrArray *arguments = NULL;`
			`GSubprocessLauncher *launcher = NULL;`
			`GSubprocess *subprocess = NULL;`
			`GInputStream *input_stream = NULL;`
			`GDataInputStream *data_stream = NULL;`
			`GError *error = NULL;`

			`char *auth_file;`
			`gboolean is_running = FALSE;`
			`int ret;`
			`int pipe_fds[2];`
			`char *display_fd_string = NULL;`
			`char *vt_string = NULL;`
			`char *display_number;`
			`gsize display_number_size;`

			`auth_file = prepare_auth_file ();`

			`g_debug ("Running X server");`

			`ret = g_unix_open_pipe (pipe_fds, FD_CLOEXEC, &error);`

			`if (!ret) {`
			`g_debug ("could not open pipe: %s", error->message);`
			`goto out;`
			`}`

			`arguments = g_ptr_array_new ();`
			`launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_STDIN_INHERIT);`
			`+ g_subprocess_launcher_setenv (launcher, "XORG_RUN_AS_USER_OK", "1", TRUE);`
			`g_subprocess_launcher_take_fd (launcher, pipe_fds[1], DISPLAY_FILENO);`

			`if (g_getenv ("XDG_VTNR") != NULL) {`
			`int vt;`

			`vt = atoi (g_getenv ("XDG_VTNR"));`

			`if (vt > 0 && vt < 64) {`
			`vt_string = g_strdup_printf ("vt%d", vt);`
			`}`
			`}`

			`display_fd_string = g_strdup_printf ("%d", DISPLAY_FILENO);`

			`g_ptr_array_add (arguments, X_SERVER);`

			`if (vt_string != NULL) {`
			`g_ptr_array_add (arguments, vt_string);`
			`}`

			`g_ptr_array_add (arguments, "-displayfd");`
			`g_ptr_array_add (arguments, display_fd_string);`

			`g_ptr_array_add (arguments, "-auth");`
			`g_ptr_array_add (arguments, auth_file);`

			`if (!allow_remote_connections) {`
			`g_ptr_array_add (arguments, "-nolisten");`
			`g_ptr_array_add (arguments, "tcp");`
			`}`
			`--`
			`2.3.3`