- set XORG_RUN_AS_USER_OK in environment

0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch

@@ -0,0 +1,81 @@
+From 798a1ad79bdb937c4b0c9008562cd543acaf3206 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Fri, 27 Mar 2015 10:10:54 -0400
+Subject: [PATCH] gdm-x-session: set XORG_RUN_AS_USER_OK=1 environment variable
+
+This lets the X server know that it can safely drop privileges.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=746891
+---
+ daemon/gdm-x-session.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/daemon/gdm-x-session.c b/daemon/gdm-x-session.c
+index dfd6016..3cc7d40 100644
+--- a/daemon/gdm-x-session.c
++++ b/daemon/gdm-x-session.c
+@@ -195,60 +195,61 @@ spawn_x_server (State        *state,
+ {
+         GPtrArray           *arguments = NULL;
+         GSubprocessLauncher *launcher = NULL;
+         GSubprocess         *subprocess = NULL;
+         GInputStream        *input_stream = NULL;
+         GDataInputStream    *data_stream = NULL;
+         GError              *error = NULL;
+ 
+         char     *auth_file;
+         gboolean  is_running = FALSE;
+         int       ret;
+         int       pipe_fds[2];
+         char     *display_fd_string = NULL;
+         char     *vt_string = NULL;
+         char     *display_number;
+         gsize     display_number_size;
+ 
+         auth_file = prepare_auth_file ();
+ 
+         g_debug ("Running X server");
+ 
+         ret = g_unix_open_pipe (pipe_fds, FD_CLOEXEC, &error);
+ 
+         if (!ret) {
+                 g_debug ("could not open pipe: %s", error->message);
+                 goto out;
+         }
+ 
+         arguments = g_ptr_array_new ();
+         launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_STDIN_INHERIT);
++        g_subprocess_launcher_setenv (launcher, "XORG_RUN_AS_USER_OK", "1", TRUE);
+         g_subprocess_launcher_take_fd (launcher, pipe_fds[1], DISPLAY_FILENO);
+ 
+         if (g_getenv ("XDG_VTNR") != NULL) {
+                 int vt;
+ 
+                 vt = atoi (g_getenv ("XDG_VTNR"));
+ 
+                 if (vt > 0 && vt < 64) {
+                         vt_string = g_strdup_printf ("vt%d", vt);
+                 }
+         }
+ 
+         display_fd_string = g_strdup_printf ("%d", DISPLAY_FILENO);
+ 
+         g_ptr_array_add (arguments, X_SERVER);
+ 
+         if (vt_string != NULL) {
+                 g_ptr_array_add (arguments, vt_string);
+         }
+ 
+         g_ptr_array_add (arguments, "-displayfd");
+         g_ptr_array_add (arguments, display_fd_string);
+ 
+         g_ptr_array_add (arguments, "-auth");
+         g_ptr_array_add (arguments, auth_file);
+ 
+         if (!allow_remote_connections) {
+                 g_ptr_array_add (arguments, "-nolisten");
+                 g_ptr_array_add (arguments, "tcp");
+         }
+-- 
+2.3.3
+

gdm.spec

@@ -11,7 +11,7 @@
 Summary: The GNOME Display Manager
 Name: gdm
 Version: 3.16.0.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: User Interface/X
@@ -19,6 +19,7 @@ URL: https://wiki.gnome.org/Projects/GDM
 #VCS: git:git://git.gnome.org/gdm
 Source: http://download.gnome.org/sources/gdm/3.16/gdm-%{version}.tar.xz
 Source1: org.gnome.login-screen.gschema.override
+Patch0: 0001-gdm-x-session-set-XORG_RUN_AS_USER_OK-1-environment-.patch
 
 BuildRequires: pam-devel >= 0:%{pam_version}
 BuildRequires: fontconfig >= 0:%{fontconfig_version}
@@ -104,6 +105,7 @@ files needed to build custom greeters.
 
 %prep
 %setup -q
+%patch0 -p1 -b .xorg-run-as-user-ok
 
 autoreconf -i -f
 intltoolize -f
@@ -294,6 +296,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || :
 %{_libdir}/pkgconfig/gdm.pc
 
 %changelog
+* Fri Mar 27 2015 Ray Strode <rstrode@redhat.com> 3.16.0.1-2
+- set XORG_RUN_AS_USER_OK in environment
+
 * Tue Mar 24 2015 Kalev Lember <kalevlember@gmail.com> - 1:3.16.0.1-1
 - Update to 3.16.0.1