Fix polyinstantiation preventing Xwayland to start

Resolves: RHEL-90588
Olivier Fourdan 2025-05-12 10:42:31 +02:00
parent f907998194
commit 3fa3a3a33a
4 changed files with 181 additions and 1 deletions


@ -0,0 +1,104 @@
From 9a9d5744143846f2fbc5da983070592217a344eb Mon Sep 17 00:00:00 2001
From: Sebastian Wick <sebastian.wick@redhat.com>
Date: Fri, 28 Jan 2022 15:49:11 +0100
Subject: [PATCH 1/3] xwayland: Relax the ownership requirements of
/tmp/.X11-unix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The `ensure_x11_unix_perms` function tries to detect systems on which
/tmp/.X11-unix is owned by neither root nor ourselves because in that
case the owner can take over the socket we create (symlink races are
fixed in linux 800179c9b8a1e796e441674776d11cd4c05d61d7). This should
not be possible in the first place and systems should come with some way
to ensure that's the case (systemd-tmpfiles, polyinstantiationm …). That
check however only works if we see the root user namespace which might
not be the case when running in e.g. toolbx.
This change relaxes the requirements such that in the root user
namespace we detect and abort if a vulnerable system is detected but
unconditionally run in toolbx.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2261>
(cherry picked from commit abadb291325e003c4afa054437303ee5b66af8a0)
---
src/wayland/meta-xwayland.c | 34 +++++++++++++++++++++++++++-------
1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/src/wayland/meta-xwayland.c b/src/wayland/meta-xwayland.c
index c5a9303df9..2ca555ad65 100644
--- a/src/wayland/meta-xwayland.c
+++ b/src/wayland/meta-xwayland.c
@@ -59,6 +59,7 @@
#define XWAYLAND_LISTENFD "-listen"
#endif
+#define TMP_UNIX_DIR "/tmp"
#define X11_TMP_UNIX_DIR "/tmp/.X11-unix"
#define X11_TMP_UNIX_PATH "/tmp/.X11-unix/X"
@@ -651,9 +652,18 @@ meta_xwayland_override_display_number (int number)
static gboolean
ensure_x11_unix_perms (GError **error)
{
- struct stat buf;
-
- if (lstat (X11_TMP_UNIX_DIR, &buf) != 0)
+ /* Try to detect systems on which /tmp/.X11-unix is owned by neither root nor
+ * ourselves because in that case the owner can take over the socket we create
+ * (symlink races are fixed in linux 800179c9b8a1). This should not be
+ * possible in the first place and systems should come with some way to ensure
+ * that's the case (systemd-tmpfiles, polyinstantiation …).
+ *
+ * That check however only works if we see the root user namespace which might
+ * not be the case when running in e.g. toolbx (root and other user are all
+ * mapped to overflowuid). */
+ struct stat x11_tmp, tmp;
+
+ if (lstat (X11_TMP_UNIX_DIR, &x11_tmp) != 0)
{
g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errno),
"Failed to check permissions on directory \"%s\": %s",
@@ -661,8 +671,18 @@ ensure_x11_unix_perms (GError **error)
return FALSE;
}
- /* If the directory already exists, it should belong to root or ourselves ... */
- if (buf.st_uid != 0 && buf.st_uid != getuid ())
+ if (lstat (TMP_UNIX_DIR, &tmp) != 0)
+ {
+ g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errno),
+ "Failed to check permissions on directory \"%s\": %s",
+ TMP_UNIX_DIR, g_strerror (errno));
+ return FALSE;
+ }
+
+ /* If the directory already exists, it should belong to the same
+ * user as /tmp or belong to ourselves ...
+ * (if /tmp is not owned by root or ourselves we're in deep trouble) */
+ if (x11_tmp.st_uid != tmp.st_uid && x11_tmp.st_uid != getuid ())
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
"Wrong ownership for directory \"%s\"",
@@ -671,7 +691,7 @@ ensure_x11_unix_perms (GError **error)
}
/* ... be writable ... */
- if ((buf.st_mode & 0022) != 0022)
+ if ((x11_tmp.st_mode & 0022) != 0022)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
"Directory \"%s\" is not writable",
@@ -680,7 +700,7 @@ ensure_x11_unix_perms (GError **error)
}
/* ... and have the sticky bit set */
- if ((buf.st_mode & 01000) != 01000)
+ if ((x11_tmp.st_mode & 01000) != 01000)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
"Directory \"%s\" is missing the sticky bit",
--
2.50.0
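Review bot: The relaxed test `x11_tmp.st_uid != tmp.st_uid && x11_tmp.st_uid != getuid ()` makes the owner of /tmp the trust anchor, but nothing in the visible hunks verifies that owner; the parenthetical "(if /tmp is not owned by root or ourselves we're in deep trouble)" records an assumption rather than a check. Inside a user namespace every unmapped owner reads back as the overflow uid, so equal uids there do not show that the two directories share an owner; the commit message accepts this, but the comment at the comparison does not say it. I would extend that comment with something like `/* NOTE: /tmp's owner is taken on trust; in a user namespace unmapped uids all compare equal, so this check only protects in the root namespace */`. `lstat (TMP_UNIX_DIR, &tmp)` also describes the link itself if /tmp is a symlink, which may deserve a word in the same comment. ensure_x11_unix_perms continues past the last hunk, so any later checks are not visible here.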


@ -0,0 +1,31 @@
From 1a5015dff70c2465e0a8a3df77ace8f0fbb3b20a Mon Sep 17 00:00:00 2001
From: Nathan Pratta Teodosio <nathan.teodosio@canonical.com>
Date: Thu, 29 Aug 2024 09:25:13 +0200
Subject: [PATCH 2/3] Be more verbose about permissions of /tmp/{,.X11-unix}.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3984>
(cherry picked from commit 4dbaa8178116649076bf542a5eaf42d4ce804e5b)
---
src/wayland/meta-xwayland.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/wayland/meta-xwayland.c b/src/wayland/meta-xwayland.c
index 2ca555ad65..7db122e8da 100644
--- a/src/wayland/meta-xwayland.c
+++ b/src/wayland/meta-xwayland.c
@@ -685,8 +685,10 @@ ensure_x11_unix_perms (GError **error)
if (x11_tmp.st_uid != tmp.st_uid && x11_tmp.st_uid != getuid ())
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
- "Wrong ownership for directory \"%s\"",
- X11_TMP_UNIX_DIR);
+ "Wrong ownership for directory \"%s\", owned by %d but "
+ "should be same as %s (owned by (%d)) or %d",
+ X11_TMP_UNIX_DIR, x11_tmp.st_uid, TMP_UNIX_DIR, tmp.st_uid,
+ getuid ());
return FALSE;
}
--
2.50.0
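Review bot: The new message formats `x11_tmp.st_uid`, `tmp.st_uid` and `getuid ()` with `%d`, but `uid_t` is an unsigned type on Linux, so the specifier does not match the argument and a large uid would print as a negative number. Using `%u` with explicit casts keeps the log unambiguous: `X11_TMP_UNIX_DIR, (unsigned int) x11_tmp.st_uid, TMP_UNIX_DIR, (unsigned int) tmp.st_uid, (unsigned int) getuid ());`. The doubled parentheses in `(owned by (%d))` also look unintended. The enclosing function starts and ends outside this hunk.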


@ -0,0 +1,34 @@
From 58652bcf5fc379fd07d2cf9cc2b23d469df33f20 Mon Sep 17 00:00:00 2001
From: Nathan Pratta Teodosio <nathan.teodosio@canonical.com>
Date: Fri, 13 Jun 2025 11:24:24 +0200
Subject: [PATCH 3/3] Use 'access' instead of checking permission modes for
/tmp/.X11-unix/.
The previous version was missing the 200 case with the directory owned by the
current user.
C.f. https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7857,
https://launchpad.net/bugs/2069564.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3984>
(cherry picked from commit 36ca36b48e7efd6846fac7533a4f2e97959a8ad6)
---
src/wayland/meta-xwayland.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/wayland/meta-xwayland.c b/src/wayland/meta-xwayland.c
index 7db122e8da..c2e094e43c 100644
--- a/src/wayland/meta-xwayland.c
+++ b/src/wayland/meta-xwayland.c
@@ -693,7 +693,7 @@ ensure_x11_unix_perms (GError **error)
}
/* ... be writable ... */
- if ((x11_tmp.st_mode & 0022) != 0022)
+ if (access (X11_TMP_UNIX_DIR, W_OK) != 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
"Directory \"%s\" is not writable",
--
2.50.0
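Review bot: `access (X11_TMP_UNIX_DIR, W_OK)` resolves the path a second time and follows symlinks, so the writability answer may come from a different object than the one `lstat ()` described for the ownership and sticky-bit checks around it. It also replaces "group- and world-writable" with "writable by us", which admits more than the owner-with-0200 case the commit message names (group or ACL write access, for instance). Keeping the decision on the existing snapshot would cover the named case without a second lookup: `if ((x11_tmp.st_mode & 0022) != 0022 && !(x11_tmp.st_uid == getuid () && (x11_tmp.st_mode & 0200)))`. The function starts and ends outside this hunk, so whether the path is validated again before the socket is bound cannot be seen here.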


@ -10,7 +10,7 @@
Name: mutter
Version: 40.9
Release: 25%{?dist}
Release: 26%{?dist}
Summary: Window and compositing manager based on Clutter
License: GPLv2+
@ -155,6 +155,13 @@ Patch67: double-key-event-handling.patch
# RHEL-31742
Patch68: 0001-backends-Avoid-disabling-touchscreen-outside-of-touc.patch
# RHEL-90588
# https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2261
Patch69: 0001-xwayland-Relax-the-ownership-requirements-of-tmp-.X1.patch
# https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3984
Patch70: 0002-Be-more-verbose-about-permissions-of-tmp-.X11-unix.patch
Patch71: 0003-Use-access-instead-of-checking-permission-modes-for-.patch
BuildRequires: chrpath
BuildRequires: pango-devel
BuildRequires: startup-notification-devel
@ -302,6 +309,10 @@ desktop-file-validate %{buildroot}/%{_datadir}/applications/%{name}.desktop
%{_datadir}/mutter-%{mutter_api_version}/tests
%changelog
* Mon May 12 2025 Olivier Fourdan <ofourdan@redhat.com> - 40.9-26
- Fix polyinstantiation preventing Xwayland to start
Resolves: RHEL-90588
* Thu Apr 24 2025 Carlos Garnacho <cgarnach@redhat.com> - 40.9-25
- Do not disable touchscreen on DPMS off if touch-mode is disabled
Resolves: RHEL-31742