Hello community, here is the log from the commit of package polkit for openSUSE:Factory checked in at 2015-12-09 20:33:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit (Old) and /work/SRC/openSUSE:Factory/.polkit.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit" Changes: -------- --- /work/SRC/openSUSE:Factory/polkit/polkit.changes 2015-09-16 10:36:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.polkit.new/polkit.changes 2015-12-09 22:30:00.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Nov 26 16:26:09 UTC 2015 - [email protected] + +- polkit-revert-session-magic.patch: revert a session detection change + that could lead to sessions not being detected as active due to + a systemd bug. bsc#954139 + +------------------------------------------------------------------- New: ---- polkit-revert-session-magic.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit.spec ++++++ --- /var/tmp/diff_new_pack.wymPc7/_old 2015-12-09 22:30:01.000000000 +0100 +++ /var/tmp/diff_new_pack.wymPc7/_new 2015-12-09 22:30:01.000000000 +0100 @@ -37,6 +37,8 @@ Patch0: polkit-no-wheel-group.patch # PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377 [email protected] -- Do not reference non-existing polkit.service file for systemd (only applied if not built with systemd support) Patch1: polkit-no-systemd.patch +# PATCH-REVERT-UPSTREAM polkit-revert-session-magic.patch various bugs meissner -- systemd session magic was not updating the user seats correctly +Patch2: polkit-revert-session-magic.patch # needed for patch1 BuildRequires: autoconf # needed for patch1 @@ -129,6 +131,7 @@ %if !(0%{?with_systemd}) %patch1 -p1 %endif +%patch2 -p1 -R %build export V=1 ++++++ polkit-revert-session-magic.patch ++++++ commit a29653ffa99e0809e15aa34afcd7b2df8593871c Author: Philip Withnall <[email protected]> Date: Tue Jun 2 16:19:51 2015 +0100 sessionmonitor-systemd: Use sd_uid_get_state() to check session activity Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off [email protected], rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. https://bugs.freedesktop.org/show_bug.cgi?id=76358 diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 9995f87..2a6c739 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -389,6 +389,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); }
