Commit Graph

16 Commits

Author SHA1 Message Date
Jasper St. Pierre
8cb9cfb7b8 Revert "meta-weston-launch: Call VT_ACTIVATE ourselves"
This reverts commit ebe6e3180e.

This is wrong, as mutter's controlling TTY may not be the same
as the active VT, and in fact won't be in the case of systemd
spawning us.

The "correct" API for this is to use David Herrmann's
"Session Positions" system to switch to another VT:

  http://lists.freedesktop.org/archives/systemd-devel/2013-December/014956.html
2014-01-16 13:42:07 -05:00
Jasper St. Pierre
ebe6e3180e meta-weston-launch: Call VT_ACTIVATE ourselves
We don't need any special permissions, so we don't need to go through
weston-launch to do so...
2013-12-31 19:22:16 -05:00
Jasper St. Pierre
1c0e6f26e2 mutter-launch: Don't test the argument name to validate launching things
Somebody could do:

  $ mv my-evil-program mutter-wayland
  $ PATH=.:$PATH mutter-launch mutter-wayland

It's not secure, and it's hard to test with, so just drop it for now
We'll be relying on logind to hand us permissions in the future.
2013-11-20 17:07:03 -05:00
Giovanni Campagna
2734c8547f Fix distcheck
Remove a warning that makes us fail with -Werror
2013-09-17 09:49:17 +02:00
Giovanni Campagna
24074a81d0 mutter-launch: fix for more systemd API changes
Modern systemd changed the semantics of sd_session_get_tty() to
return the full path, rather than just the tty name.

Reviewed by Ray Strode in IRC.
2013-09-16 17:30:45 +02:00
Adel Gadllah
e48a5cd5f2 mutter-launch: Use the correct binary name for the help message as well 2013-09-15 20:28:24 +02:00
Adel Gadllah
698bb24848 mutter-launch: Use correct binary name in error messages 2013-09-15 20:25:39 +02:00
Giovanni Campagna
2f9c6c4146 mutter-launch: adapt to systemd API change
The API was changed during the patch review.

(Yes, we were depending on API which was sitting in a patch not
yet reviewed... you know, vertical integration!)

https://bugzilla.gnome.org/show_bug.cgi?id=707929
2013-09-11 20:36:38 +02:00
Giovanni Campagna
3e341e83d9 mutter-launch: remove PAM usage
Left-overs from the weston-launch import

https://bugzilla.gnome.org/show_bug.cgi?id=707584
2013-09-09 18:09:08 +02:00
Colin Walters
7bd4e6ecb0 weston-launch: Don't segfault if passed no arguments
Probably not exploitable since I think Linux always puts NULL there,
but let's actually check.
2013-08-30 08:26:31 -04:00
Giovanni Campagna
e72f81c24f wayland: add TTY and DRM master management
Now that we have a setuid launcher binary, we can make use of
using a private protocol through the socket we're passed at startup.

We also use the new hook in clutter-evdev to ask mutter-launch for
the FDs of the input devices we need, and we emulate the old X
DRM lock with a nested GMainContext without sources.

In the future, mutter-launch will be replaced with the new logind
API currently in development.

https://bugzilla.gnome.org/show_bug.cgi?id=705861
2013-08-30 10:32:55 +02:00
Giovanni Campagna
96fa518576 mutter-launch: augment with VT and TTY handling
Set the TTY mode appropriately at startup, and clean it up
when the compositor exits. Also, take control of VT switching,
including the calls to drmSetMaster and drmDropMaster as appropriate.
In the future, we the kernel implements the mute evdev ioctl,
we'll also make sure that input devices are appropriately released.

https://bugzilla.gnome.org/show_bug.cgi?id=705861
2013-08-30 10:32:55 +02:00
Giovanni Campagna
e263b3624c mutter-launch: use systemd to obtain the TTY
Using the command line or an environment variable is dangerous,
as those can be spoofed to gain access to other sessions.

https://bugzilla.gnome.org/show_bug.cgi?id=705861
2013-08-30 10:32:55 +02:00
Giovanni Campagna
1c34f0b342 mutter-launch: make sure that the spawned binaries sees the right libraries
Being a setuid binary, our LD_LIBRARY_PATH is cleared by glibc at
startup, but we need the spawned binary to see it, otherwise
jhbuild doesn't work, so hardcode it using the configured libdir.

https://bugzilla.gnome.org/show_bug.cgi?id=705861
2013-08-30 10:32:55 +02:00
Giovanni Campagna
2d27873f98 mutter-launch: simplify by removing features we don't need
Remove the ability to launch as a different user, which we don't
need because we're spawned by gdm or by the user manually on the
command line.
At the same time, require an active local session, and remove
the ability to run from anywhere by being in the right user group
(which automatically gives you root-like privileges)

https://bugzilla.gnome.org/show_bug.cgi?id=705861
2013-08-30 10:32:55 +02:00
Giovanni Campagna
fd40a12213 wayland: import weston-launch setuid launcher
To run mutter as a display server, one needs to acquire and
release the DRM master, which is only possible for root, so
we take advantage of weston-launch, a small setuid helper binary
written for the weston project. We import our own slightly
modified copy of it, because weston-launch only launches weston,
for security reasons.

https://bugzilla.gnome.org/show_bug.cgi?id=705861
2013-08-30 10:32:55 +02:00