Date: Sunday, April 24, 2016 @ 13:36:52 Author: heftig Revision: 266108
1.2.0-2 Added: networkmanager/trunk/hidepid.patch Modified: networkmanager/trunk/NetworkManager.conf networkmanager/trunk/PKGBUILD ---------------------+ NetworkManager.conf | 6 ----- PKGBUILD | 28 ++++++++++++++++++------- hidepid.patch | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 13 deletions(-) Modified: NetworkManager.conf =================================================================== --- NetworkManager.conf 2016-04-24 10:59:47 UTC (rev 266107) +++ NetworkManager.conf 2016-04-24 11:36:52 UTC (rev 266108) @@ -1,12 +1,8 @@ [main] plugins=keyfile -dhcp=dhclient +dhcp=internal dns=default -## Set static hostname -#[keyfile] -#hostname=foobar - ## HTTP-based connectivity check #[connectivity] #uri=http://nmcheck.gnome.org/check_network_status.txt Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-04-24 10:59:47 UTC (rev 266107) +++ PKGBUILD 2016-04-24 11:36:52 UTC (rev 266108) 
@@ -9,25 +9,32 @@ pkgbase=networkmanager pkgname=(networkmanager libnm-glib) pkgver=1.2.0 -pkgrel=1 +pkgrel=2 pkgdesc="Network Management daemon" arch=(i686 x86_64) license=(GPL2 LGPL2.1) url="http://www.gnome.org/projects/NetworkManager/" _pppver=2.4.7 -makedepends=(intltool dhclient iptables gobject-introspection gtk-doc "ppp=$_pppver" - modemmanager dbus-glib iproute2 libnl nss polkit wpa_supplicant libsoup - systemd libgudev libmm-glib rp-pppoe libnewt libndp libteam vala perl-yaml - python-gobject) +makedepends=(intltool dhclient iptables gobject-introspection gtk-doc + "ppp=$_pppver" modemmanager dbus-glib iproute2 nss polkit + wpa_supplicant libsoup systemd libgudev libmm-glib rp-pppoe + libnewt libndp libteam vala perl-yaml python-gobject) checkdepends=(libx11 python-dbus) source=(https://download.gnome.org/sources/NetworkManager/${pkgver:0:3}/NetworkManager-$pkgver.tar.xz + hidepid.patch NetworkManager.conf) sha256sums=('e947cf30fa3d19dce88e6f6af51f06dc282b7db7996f946aaa37b03526ef2a80' - '2c6a647b5aec9f3c356d5d95251976a21297c6e64bd8d2a59339f8450a86cb3b') + '1de5b511b6b4a933739b0ef48ede1830fa3d6dea2277c1302b12b08fa83a73f1' + '452e4f77c1de92b1e08f6f58674a6c52a2b2d65b7deb0ba436e9afa91ee15103') prepare() { cd NetworkManager-$pkgver + + # https://bugs.archlinux.org/task/48984 + patch -Np1 -i ../hidepid.patch + 2to3 -w libnm src tools + NOCONFIGURE=1 ./autogen.sh } @@ -59,6 +66,8 @@ --enable-doc \ --enable-gtk-doc + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' -e 's/ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then/ func_append compile_command " -Wl,-O1,--as-needed"\n func_append finalize_command " -Wl,-O1,--as-needed"\n\0/' libtool + make } 
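Review bot: The `2to3 -w libnm src tools` call added to prepare() rewrites upstream sources in place with no comment saying why, and the patch above it is referenced only by the Arch bug number. Someone auditing the package cannot tell from the PKGBUILD which upstream change hidepid.patch backports, although the patch header names it; the comment could read `# https://bugs.archlinux.org/task/48984 (upstream commit 3d505b3f87c9, bgo#764502)`. A one-line comment above the 2to3 call, for example `# convert the bundled Python 2 scripts so they run during the build`, would help too if that is the intent.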
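Review bot: The `sed -i` added on the generated `libtool` script has no comment and fails silently. If a later libtool words either matched line differently, sed still exits 0 and the `-Wl,-O1,--as-needed` flags are simply not applied. A comment such as `# make libtool pass --as-needed on every link` would state the intent, which is presumably to avoid overlinking. A following `grep -q -- '-Wl,-O1,--as-needed' libtool` would turn a silent miss into a build failure. build() begins and ends outside this hunk.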
@@ -68,13 +77,14 @@ } package_networkmanager() { - depends=(libnm-glib iproute2 libnl polkit wpa_supplicant dhclient libsoup - libmm-glib libnewt libndp libteam libgudev) + depends=(libnm-glib iproute2 polkit wpa_supplicant libsoup libmm-glib + libnewt libndp libteam) optdepends=('dnsmasq: connection sharing' 'bluez: Bluetooth support' 'openresolv: resolvconf support' 'ppp: dialup connection support' 'rp-pppoe: ADSL support' + 'dhclient: External DHCP client' 'modemmanager: cellular network support') backup=('etc/NetworkManager/NetworkManager.conf') @@ -93,6 +103,8 @@ install -m755 -d "$pkgdir/etc/NetworkManager/dnsmasq.d" rm -r "$pkgdir/var/run" + rmdir -p --ignore-fail-on-non-empty \ + "$pkgdir"/usr/{share/{vala/vapi,gir-1.0},lib/girepository-1.0} } package_libnm-glib() { Added: hidepid.patch =================================================================== --- hidepid.patch (rev 0) +++ hidepid.patch 2016-04-24 11:36:52 UTC (rev 266108) 
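Review bot: Moving `dhclient` from depends to optdepends in package_networkmanager() can leave a system with an edited configuration without a working DHCP client. NetworkManager.conf is listed in `backup=`, so a file that still says `dhcp=dhclient` is kept on upgrade while nothing keeps the dhclient package installed. Whether NetworkManager falls back to the internal client when the binary is missing is not visible here. The optdepends entry could say so, `'dhclient: External DHCP client (required if dhcp=dhclient is set)'`, and a post-upgrade notice would reach users who never read it. The function body continues outside the hunk.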
@@ -0,0 +1,54 @@
+From 4f06ae603e268f237d439afe3f3e7e662a0c2727 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <[email protected]>
+Date: Fri, 22 Apr 2016 11:36:26 +0200
+Subject: auth: allow failures to read process start_time from /proc/$PID/stat
+ with hidepid
+
+When mounting /proc with hidepid, we might fail to read the
+start-time of the process from /proc/$PID/stat. In this case,
+we should just accept a start-time of zero.
+
+On the other side of authentication, polkit should accept a zero
+start-time too.
+
+nm_utils_get_start_time_for_pid() has other uses in NetworkManager,
+mostly when killing a process from a PIDFILE or during
+nm_utils_kill_process_sync(). In both these cases, this will only
+succeed if we try to kill a process that also runs a root.
+
+For processes started by the current instance, we don't care about the
+PIDFILE and use nm_utils_kill_child_?sync() -- so there is no problem
+with hidepid there.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=764502
+(cherry picked from commit 3d505b3f87c9cb9bfdc9b9a1fc67f57330701d03)
+
+diff --git a/src/nm-auth-subject.c b/src/nm-auth-subject.c
+index 494d52d..86b873f 100644
+--- a/src/nm-auth-subject.c
++++ b/src/nm-auth-subject.c
+@@ -360,9 +360,18 @@ constructed (GObject *object)
+ priv->unix_process.start_time = nm_utils_get_start_time_for_pid (priv->unix_process.pid, NULL, NULL);
+
+ if (!priv->unix_process.start_time) {
+- /* could not detect the process start time. The subject is invalid, but don't
+- * assert against it. */
+- _clear_private (priv);
++ /* Is the process already gone? Then fail creation of the auth subject
++ * by clearing the type. */
++ if (kill (priv->unix_process.pid, 0) != 0)
++ _clear_private (priv);
++
++ /* Otherwise, although we didn't detect a start_time, the process is still around.
++ * That could be due to procfs mounted with hidepid. So just accept the request.
++ *
++ * Polkit on the other side, will accept 0 and try to lookup /proc/$PID/stat
++ * itself (and if it fails to do so, assume a start-time of 0 and proceed).
++ * The only combination that would fail here, is when NM is able to read the
++ * start-time, but polkit is not. */
+ }
+ return;
+ default:
+--
+cgit v0.10.2
+
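Review bot: With `start_time` left at 0 the auth subject is tied to a bare PID, so on hidepid systems nothing guards against the PID being reused between the caller's request and the polkit check. `kill (pid, 0)` only shows that some process holds that PID at this moment. The new comment explains why the request is accepted but not this cost; it should add something like `/* NOTE: with start_time 0 a recycled PID cannot be told apart from the original caller. */`. The unbraced `if (kill (...) != 0)` followed by a blank line and a block comment also reads as if the comment were its body, so braces around `_clear_private (priv);` would help. `constructed` begins and ends outside the hunk.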
