diff options
author | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-07-30 00:16:52 +0300 |
---|---|---|
committer | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-07-30 00:16:52 +0300 |
commit | bb6a14e2f317abf60677c6ad8de9c33d5760bf36 (patch) | |
tree | 00457d3677e86437cec25fd7dab6c4513a53b1a4 /poky/meta/recipes-core/systemd/systemd/0001-logind-Restore-chvt-as-non-root-user-without-polkit.patch | |
parent | defdca82c107f46e980c84bffb1b2c1263522fa0 (diff) | |
parent | cf6fd27dbd8e2d1b507f8c3752b85801b2c6ef57 (diff) | |
download | openbmc-bb6a14e2f317abf60677c6ad8de9c33d5760bf36.tar.xz |
Merge tag '0.63' of ssh://git-amr-1.devtools.intel.com:29418/openbmc-openbmc into update
Diffstat (limited to 'poky/meta/recipes-core/systemd/systemd/0001-logind-Restore-chvt-as-non-root-user-without-polkit.patch')
-rw-r--r-- | poky/meta/recipes-core/systemd/systemd/0001-logind-Restore-chvt-as-non-root-user-without-polkit.patch | 227 |
1 files changed, 0 insertions, 227 deletions
diff --git a/poky/meta/recipes-core/systemd/systemd/0001-logind-Restore-chvt-as-non-root-user-without-polkit.patch b/poky/meta/recipes-core/systemd/systemd/0001-logind-Restore-chvt-as-non-root-user-without-polkit.patch deleted file mode 100644 index 89ef39bc3..000000000 --- a/poky/meta/recipes-core/systemd/systemd/0001-logind-Restore-chvt-as-non-root-user-without-polkit.patch +++ /dev/null @@ -1,227 +0,0 @@ -From 150d9cade6d475570395cb418b824524dead9577 Mon Sep 17 00:00:00 2001 -From: Joshua Watt <JPEWhacker@gmail.com> -Date: Fri, 30 Oct 2020 08:15:43 -0500 -Subject: [PATCH] logind: Restore chvt as non-root user without polkit - -4acf0cfd2f ("logind: check PolicyKit before allowing VT switch") broke -the ability to write user sessions that run graphical sessions (e.g. -weston/X11). This was partially amended in 19bb87fbfa ("login: allow -non-console sessions to change vt") by changing the default PolicyKit -policy so that non-root users are again allowed to switch the VT. This -makes the policy when PolKit is not enabled (as on many embedded -systems) match the default PolKit policy and allows launching graphical -sessions as a non-root user. - -Closes #17473 ---- - src/login/logind-dbus.c | 11 ++------- - src/login/logind-polkit.c | 26 +++++++++++++++++++++ - src/login/logind-polkit.h | 10 ++++++++ - src/login/logind-seat-dbus.c | 41 ++++----------------------------- - src/login/logind-session-dbus.c | 11 ++------- - src/login/meson.build | 1 + - 6 files changed, 46 insertions(+), 54 deletions(-) - create mode 100644 src/login/logind-polkit.c - create mode 100644 src/login/logind-polkit.h - -diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c -index 0f83ed99bc..a3765d88ba 100644 ---- a/src/login/logind-dbus.c -+++ b/src/login/logind-dbus.c -@@ -30,6 +30,7 @@ - #include "format-util.h" - #include "fs-util.h" - #include "logind-dbus.h" -+#include "logind-polkit.h" - #include "logind-seat-dbus.h" - #include "logind-session-dbus.h" - #include "logind-user-dbus.h" -@@ -1047,15 +1048,7 @@ static int method_activate_session_on_seat(sd_bus_message *message, void *userda - return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT, - "Session %s not on seat %s", session_name, seat_name); - -- r = bus_verify_polkit_async( -- message, -- CAP_SYS_ADMIN, -- "org.freedesktop.login1.chvt", -- NULL, -- false, -- UID_INVALID, -- &m->polkit_registry, -- error); -+ r = check_polkit_chvt(message, m, error); - if (r < 0) - return r; - if (r == 0) -diff --git a/src/login/logind-polkit.c b/src/login/logind-polkit.c -new file mode 100644 -index 0000000000..9072570cc6 ---- /dev/null -+++ b/src/login/logind-polkit.c -@@ -0,0 +1,26 @@ -+/* SPDX-License-Identifier: LGPL-2.1+ */ -+ -+#include "bus-polkit.h" -+#include "logind-polkit.h" -+#include "missing_capability.h" -+#include "user-util.h" -+ -+int check_polkit_chvt(sd_bus_message *message, Manager *manager, sd_bus_error *error) { -+#if ENABLE_POLKIT -+ return bus_verify_polkit_async( -+ message, -+ CAP_SYS_ADMIN, -+ "org.freedesktop.login1.chvt", -+ NULL, -+ false, -+ UID_INVALID, -+ &manager->polkit_registry, -+ error); -+#else -+ /* Allow chvt when polkit is not present. This allows a service to start a graphical session as a -+ * non-root user when polkit is not compiled in, matching the default polkit policy */ -+ return 1; -+#endif -+} -+ -+ -diff --git a/src/login/logind-polkit.h b/src/login/logind-polkit.h -new file mode 100644 -index 0000000000..476c077a8a ---- /dev/null -+++ b/src/login/logind-polkit.h -@@ -0,0 +1,10 @@ -+/* SPDX-License-Identifier: LGPL-2.1+ */ -+#pragma once -+ -+#include "sd-bus.h" -+ -+#include "bus-object.h" -+#include "logind.h" -+ -+int check_polkit_chvt(sd_bus_message *message, Manager *manager, sd_bus_error *error); -+ -diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c -index a945132284..f22e9e2734 100644 ---- a/src/login/logind-seat-dbus.c -+++ b/src/login/logind-seat-dbus.c -@@ -9,6 +9,7 @@ - #include "bus-polkit.h" - #include "bus-util.h" - #include "logind-dbus.h" -+#include "logind-polkit.h" - #include "logind-seat-dbus.h" - #include "logind-seat.h" - #include "logind-session-dbus.h" -@@ -179,15 +180,7 @@ static int method_activate_session(sd_bus_message *message, void *userdata, sd_b - if (session->seat != s) - return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT, "Session %s not on seat %s", name, s->id); - -- r = bus_verify_polkit_async( -- message, -- CAP_SYS_ADMIN, -- "org.freedesktop.login1.chvt", -- NULL, -- false, -- UID_INVALID, -- &s->manager->polkit_registry, -- error); -+ r = check_polkit_chvt(message, s->manager, error); - if (r < 0) - return r; - if (r == 0) -@@ -215,15 +208,7 @@ static int method_switch_to(sd_bus_message *message, void *userdata, sd_bus_erro - if (to <= 0) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid virtual terminal"); - -- r = bus_verify_polkit_async( -- message, -- CAP_SYS_ADMIN, -- "org.freedesktop.login1.chvt", -- NULL, -- false, -- UID_INVALID, -- &s->manager->polkit_registry, -- error); -+ r = check_polkit_chvt(message, s->manager, error); - if (r < 0) - return r; - if (r == 0) -@@ -243,15 +228,7 @@ static int method_switch_to_next(sd_bus_message *message, void *userdata, sd_bus - assert(message); - assert(s); - -- r = bus_verify_polkit_async( -- message, -- CAP_SYS_ADMIN, -- "org.freedesktop.login1.chvt", -- NULL, -- false, -- UID_INVALID, -- &s->manager->polkit_registry, -- error); -+ r = check_polkit_chvt(message, s->manager, error); - if (r < 0) - return r; - if (r == 0) -@@ -271,15 +248,7 @@ static int method_switch_to_previous(sd_bus_message *message, void *userdata, sd - assert(message); - assert(s); - -- r = bus_verify_polkit_async( -- message, -- CAP_SYS_ADMIN, -- "org.freedesktop.login1.chvt", -- NULL, -- false, -- UID_INVALID, -- &s->manager->polkit_registry, -- error); -+ r = check_polkit_chvt(message, s->manager, error); - if (r < 0) - return r; - if (r == 0) -diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c -index ccc5ac8df2..57c8a4e900 100644 ---- a/src/login/logind-session-dbus.c -+++ b/src/login/logind-session-dbus.c -@@ -11,6 +11,7 @@ - #include "fd-util.h" - #include "logind-brightness.h" - #include "logind-dbus.h" -+#include "logind-polkit.h" - #include "logind-seat-dbus.h" - #include "logind-session-dbus.h" - #include "logind-session-device.h" -@@ -192,15 +193,7 @@ int bus_session_method_activate(sd_bus_message *message, void *userdata, sd_bus_ - assert(message); - assert(s); - -- r = bus_verify_polkit_async( -- message, -- CAP_SYS_ADMIN, -- "org.freedesktop.login1.chvt", -- NULL, -- false, -- UID_INVALID, -- &s->manager->polkit_registry, -- error); -+ r = check_polkit_chvt(message, s->manager, error); - if (r < 0) - return r; - if (r == 0) -diff --git a/src/login/meson.build b/src/login/meson.build -index 0a7d3d5440..7e46be2add 100644 ---- a/src/login/meson.build -+++ b/src/login/meson.build -@@ -26,6 +26,7 @@ liblogind_core_sources = files(''' - logind-device.h - logind-inhibit.c - logind-inhibit.h -+ logind-polkit.c - logind-seat-dbus.c - logind-seat-dbus.h - logind-seat.c --- -2.28.0 - |