Bug 233183
Summary: | xinit needs to poke ConsoleKit
---|---
Product: | [Fedora] Fedora
Reporter: | David Zeuthen <davidz>
Component: | xorg-x11-xinit
Assignee: | X/OpenGL Maintenance List <xgl-maint>
Status: | CLOSED RAWHIDE
Severity: | medium
Priority: | medium
Version: | rawhide
CC: | ajax, davidz, dwalsh, jmccann, mclasen, nalin, ralston, richard
Hardware: | All
OS: | Linux
Fixed In Version: | 1.0.2-18.fc7
Doc Type: | Bug Fix
Last Closed: | 2007-04-02 22:19:41 UTC
Bug Blocks: | 228110

Description
David Zeuthen
2007-03-20 20:00:05 UTC
I have a patch to xinit but it needs some changes in ConsoleKit - will coordinate with Jon.

*** Bug 234379 has been marked as a duplicate of this bug. ***

Created attachment 151476
updated xinit patch

Created attachment 151478
Proposed spec file changes.

Created attachment 151479
Updated spec file changes
Ugh, sorry, forgot the BR.

These patches work for me. OK to commit? Note that ConsoleKit-x11 is a new package that will hit Rawhide tomorrow - see bug 233982 for details. (The xinit patch needs some massaging before it's ready for upstream, mainly just build system stuff to be able to build without ConsoleKit. I'll file it separately on the upstream Xorg bugzilla at fd.o)

Created attachment 151481
Updated spec file changes
Also, we need a bit more BR since we autoreconf..

Got the go-ahead from ajax and krh on IRC; this is in xorg-x11-xinit-1.0.2-18.fc7. (also had to add BR: xorg-x11-util-macros and move man pages references in the spec file from 1x to 1)

I'm still seeing this in Raw Hide, with xorg-x11-xinit-1.0.2-18.fc7. Opening a terminal window and running ck-list-sessions gives me:

Session1:
    uid = '2510'
    realname = 'Nalin Dahyabhai'
    seat = 'Seat1'
    session-type = ''
    active = FALSE
    x11-display = ''
    x11-display-device = ''
    display-device = '/dev/tty1'
    remote-host-name = ''
    is-local = TRUE
    on-since = '2007-04-17T14:45:56Z'
    idle-since-hint = '2007-04-17T14:47:11Z'

The on-since time matches my console login, but 15 minutes passed before I ran "startx" to start a graphical session. If it helps, the $XDG_SESSION_COOKIE value is also an empty string inside of the graphical session. From poking around in /proc, gnome-session has an empty value, while the X server has the correct value. Both are children of xinit.

Nalin, does this work in permissive mode?

Um, yes, yes it does.

OK, the right thing is probably to file a bug against selinux-policy then...

Confirmed; this works in permissive mode just fine. (I've been running in permissive mode for a while, because there are a few policy tweaks I need to make that I keep putting off; I didn't even realize that this was still broken in enforcing mode.)

No please do not file a bug against SELinux policy. It is better to keep this bug and CC me. That way I get the history. James Ralston, please mail me your audit.log and I will take a look at it.

Dan: I appreciate the offer, but the default policy is just fine; I need to tweak it because I've moved the bind chroot from /var/named/chroot to /chroot/named, and configured ntp to use a chroot of /chroot/ntpd. I think that with SELinux, using a dedicated /chroot partition makes more sense than sprinkling chroot areas throughout the filesystem.

While this isn't as big of an issue with the "targeted" policy, I think this was particularly noticeable at the first SELinux implementation attempt using the "strict" policy, as it was a pain to make sure that SELinux policy permitted the chroot'ed daemons (and any helper applications) to walk down through the filesystem to reach their chroot areas. Creating a separate top-level directory (/chroot) specifically for containing chroot structures should not only simplify SELinux "strict" policy, but make it easier to chroot other daemons: /chroot can be left open, daemons should be allowed into their respective /chroot subdirectory structures, and nothing else should be allowed to descend into any subdirectory of /chroot. This is why I want to roll policy tweaks for /chroot myself; I want to see if that experience makes a compelling argument for isolating chroot structures to a dedicated (and top-level) area of the filesystem.

Ok, I have heard similar talk of a /var/chroot. Which makes total sense to me.
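
The /proc check described earlier in the thread (comparing XDG_SESSION_COOKIE in the X server and in gnome-session, both children of xinit), as an added example that is not part of the original bug report and is not code from xinit or ConsoleKit. The helper names, PIDs and cookie value are constructed for illustration.

```python
import os

def parse_environ(blob):
    """Parse the NUL-separated KEY=VALUE block of /proc/<pid>/environ."""
    env = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def parent_pid(stat_line):
    """PPID from /proc/<pid>/stat; comm may contain ')' so split on the last one."""
    return int(stat_line.rsplit(")", 1)[1].split()[1])

def cookie_report(procs, parent, var="XDG_SESSION_COOKIE"):
    """procs maps pid -> (stat line, environ bytes); classify children of parent."""
    report = {}
    for pid, (stat_line, blob) in sorted(procs.items()):
        if parent_pid(stat_line) != parent:
            continue
        value = parse_environ(blob).get(var)
        report[pid] = "missing" if value is None else ("set" if value else "empty")
    return report

def read_proc(root="/proc"):
    """Collect stat and environ for every readable process (same uid, or root)."""
    procs = {}
    for name in filter(str.isdigit, os.listdir(root)):
        try:
            with open(f"{root}/{name}/stat", errors="replace") as s, \
                 open(f"{root}/{name}/environ", "rb") as e:
                procs[int(name)] = (s.read(), e.read())
        except OSError:
            continue  # process exited, or its environ is not ours to read
    return procs

# Constructed sample mirroring the report: the X server has the cookie,
# gnome-session has an empty value, a third child lacks the variable entirely.
SAMPLE = {
    1:    ("1 (init) S 0 1 1", b"HOME=/\0"),
    3000: ("3000 (xinit) S 2990 3000 2990", b"XDG_SESSION_COOKIE=constructed-cookie\0"),
    3001: ("3001 (X) S 3000 3001 2990", b"DISPLAY=:0\0XDG_SESSION_COOKIE=constructed-cookie\0"),
    3002: ("3002 (gnome-session) S 3000 3002 2990", b"DISPLAY=:0\0XDG_SESSION_COOKIE=\0"),
    3003: ("3003 (odd (name)) S 3000 3003 2990", b"DISPLAY=:0\0"),
}

if __name__ == "__main__":
    print(cookie_report(SAMPLE, 3000))  # constructed data
    # On a live system: cookie_report(read_proc(), <pid of xinit>)
```

A child reported as "empty" or "missing" while its sibling is "set" points at something between xinit and that child clearing or blocking the variable, which is the pattern the thread traced to enforcing mode.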