Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/gnome/gdm/patches/0005-smf-contracts.patch
changeset 7201 bcc18175756d 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gnome/gdm/patches/0005-smf-contracts.patch	Mon Oct 31 18:25:15 2016 -0700
@@ -0,0 +1,233 @@
+From 1564b58074df543f4e90b2fee79199c5dd36afca Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <[email protected]>
+Date: Tue, 29 Dec 2015 13:35:20 -0800
+Subject: [PATCH 05/19] smf contracts
+
+Bug 15491359 - SUNBT6720967 gdm is insufficiently contract-aware
+Original date:2008-05-05 owner:yippi type:feature doo:14007
+---
+ acconfig.h                      |   1 +
+ configure.ac                    |   8 +++
+ daemon/gdm-session-worker-job.c | 151 ++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 160 insertions(+)
+
+diff --git a/acconfig.h b/acconfig.h
+index c8a1d96..a6bd4be 100644
+--- a/acconfig.h
++++ b/acconfig.h
+@@ -28,6 +28,7 @@
+ #undef HAVE_SETENV
+ #undef HAVE_SETRESUID
+ #undef HAVE_SHADOW
++#undef HAVE_SMF_CONTRACTS
+ #undef HAVE_SOLARIS_XINERAMA
+ #undef HAVE_STPCPY
+ #undef HAVE_SYS_SOCKIO_H
+diff --git a/configure.ac b/configure.ac
+index 0ada667..5e97a41 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -965,6 +965,14 @@ if test "x$enable_rbac_shutdown" != "xno"; then
+ fi
+ AC_SUBST(RBAC_LIBS)
+ 
++dnl ---------------------------------------------------------------------------
++dnl check for Solaris SMF contract support
++dnl ---------------------------------------------------------------------------
++
++AC_MSG_CHECKING(for Solaris SMF contract support)
++AC_CHECK_LIB(contract, ct_tmpl_activate, [
++			AC_DEFINE(HAVE_SMF_CONTRACTS)
++                            EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -lcontract" ])
+ 
+ dnl ---------------------------------------------------------------------------
+ dnl check for backtrace support
+diff --git a/daemon/gdm-session-worker-job.c b/daemon/gdm-session-worker-job.c
+index 52a6e9f..a1363e9 100644
+--- a/daemon/gdm-session-worker-job.c
++++ b/daemon/gdm-session-worker-job.c
+@@ -45,6 +45,13 @@
+ #include <systemd/sd-journal.h>
+ #endif
+ 
++#ifdef HAVE_SMF_CONTRACTS
++#include <sys/ctfs.h>
++#include <sys/contract.h>
++#include <sys/contract/process.h>
++#include <libcontract.h>
++#endif
++
+ #include <glib.h>
+ #include <glib/gi18n.h>
+ #include <glib-object.h>
+@@ -117,9 +124,145 @@ session_worker_job_setup_journal_fds (void)
+         return;
+ }
+ 
++#ifdef HAVE_SMF_CONTRACTS
++static int contracts_fd = -1;
++
++static void
++contracts_pre_fork (void)
++{
++        const char *errmsg = "opening process contract template";
++
++        /*
++         * On failure, just continue since it is better to start with
++         * children in the same contract than to not start them at all.
++         */
++        if (contracts_fd == -1) {
++                if ((contracts_fd = open64 (CTFS_ROOT "/process/template",
++                                            O_RDWR)) == -1)
++                        goto exit;
++
++                errmsg = "setting contract terms";
++                if ((errno = ct_pr_tmpl_set_param (contracts_fd, CT_PR_PGRPONLY)))
++                        goto exit;
++
++                if ((errno = ct_tmpl_set_informative (contracts_fd, CT_PR_EV_HWERR)))
++                        goto exit;
++
++                if ((errno = ct_pr_tmpl_set_fatal (contracts_fd, CT_PR_EV_HWERR)))
++                        goto exit;
++
++                if ((errno = ct_tmpl_set_critical (contracts_fd, 0)))
++                        goto exit;
++        }
++
++        errmsg = "setting active template";
++        if ((errno = ct_tmpl_activate (contracts_fd)))
++                goto exit;
++
++        g_debug ("Set active contract");
++        return;
++
++exit:
++        if (contracts_fd != -1)
++                (void) close (contracts_fd);
++
++        contracts_fd = -1;
++
++        if (errno) {
++                g_debug ("Error setting up active contract template: %s while %s",
++                         strerror (errno), errmsg);
++        }
++}
++
++static void
++contracts_post_fork_child (void)
++{
++        /* Clear active template so no new contracts are created on fork */
++        if (contracts_fd == -1)
++                return;
++
++        if ((errno = (ct_tmpl_clear (contracts_fd)))) {
++                g_debug (
++                        "Error clearing active contract template (child): %s",
++                        strerror (errno));
++        } else {
++                g_debug ("Cleared active contract template (child)");
++        }
++
++        (void) close (contracts_fd);
++
++        contracts_fd = -1;
++}
++
++static void
++contracts_post_fork_parent (int fork_succeeded)
++{
++        char path[PATH_MAX];
++        int cfd;
++        ct_stathdl_t status;
++        ctid_t latest;
++
++        /* Clear active template, abandon latest contract. */
++        if (contracts_fd == -1)
++                return;
++
++        if ((errno = ct_tmpl_clear (contracts_fd)))
++                g_debug ("Error while clearing active contract template: %s",
++                         strerror (errno));
++        else
++                g_debug ("Cleared active contract template (parent)");
++
++        if (!fork_succeeded)
++                return;
++
++        if ((cfd = open64 (CTFS_ROOT "/process/latest", O_RDONLY)) == -1) {
++                g_debug ("Error getting latest contract: %s",
++                         strerror(errno));
++                return;
++        }
++
++        if ((errno = ct_status_read (cfd, CTD_COMMON, &status)) != 0) {
++                g_debug ("Error getting latest contract ID: %s",
++                         strerror(errno));
++                (void) close (cfd);
++                return;
++        }
++
++        latest = ct_status_get_id (status);
++        ct_status_free (status);
++        (void) close (cfd);
++
++        if ((snprintf (path, PATH_MAX, CTFS_ROOT "/all/%ld/ctl",
++                       (long) latest)) >= PATH_MAX) {
++                g_debug ("Error opening the latest contract ctl file: %s",
++                         strerror (ENAMETOOLONG));
++                return;
++        }
++
++        cfd = open64 (path, O_WRONLY);
++        if (cfd == -1) {
++                g_debug ("Error opening the latest contract ctl file: %s",
++                         strerror (errno));
++                return;
++        }
++
++        if ((errno = ct_ctl_abandon (cfd)))
++                g_debug ("Error abandoning latest contract: %s",
++                         strerror (errno));
++        else
++                g_debug ("Abandoned latest contract");
++
++        (void) close (cfd);
++}
++#endif /* HAVE_SMF_CONTRACTS */
++
+ static void
+ session_worker_job_child_setup (GdmSessionWorkerJob *session_worker_job)
+ {
++#ifdef HAVE_SMF_CONTRACTS
++        contracts_post_fork_child ();
++#endif
++
+         session_worker_job_setup_journal_fds ();
+ 
+         /* Terminate the process when the parent dies */
+@@ -273,6 +416,10 @@ gdm_session_worker_job_spawn (GdmSessionWorkerJob *session_worker_job,
+         }
+         env = get_job_environment (session_worker_job);
+ 
++#ifdef HAVE_SMF_CONTRACTS
++        contracts_pre_fork ();
++#endif
++
+         error = NULL;
+         ret = g_spawn_async_with_pipes (NULL,
+                                         (char **) args->pdata,
+@@ -286,6 +433,10 @@ gdm_session_worker_job_spawn (GdmSessionWorkerJob *session_worker_job,
+                                         NULL,
+                                         &error);
+ 
++#ifdef HAVE_SMF_CONTRACTS
++        contracts_post_fork_parent ((session_worker_job->priv->pid > 0));
++#endif
++
+         g_ptr_array_foreach (args, (GFunc)g_free, NULL);
+         g_ptr_array_free (args, TRUE);
+ 
+-- 
+2.7.4
+
upstream/oracle/userland-gate