rpms / xorg-x11-drv-qxl

Clone
Source Code
GIT

Blame SOURCES/0007-xspice-chown-both-files-used-by-vdagent-for-suid-Xor.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   a372645f9cc51b90627d3423146ffde6da01e56e
  2.   SOURCES
  3.   0007-xspice-chown-both-files-used-by-vdagent-for-suid-Xor.patch
Blob History Raw
28add0 
From e1b4022a0d2c598e5d5dead8d770f5e7d0de5a0c Mon Sep 17 00:00:00 2001
28add0 
From: Alon Levy <alevy@redhat.com>
28add0 
Date: Mon, 21 Oct 2013 18:22:15 +0300
28add0 
Subject: [PATCH 07/10] xspice: chown both files used by vdagent for suid Xorg
28add0 
 case
28add0
28add0 
When running a suid Xorg mkfifo and bind produce files owned by root.
28add0 
Change the ownership so that the user launched vdagent & vdagentd can
28add0 
write to them. This also makes it easier to cleanup the files from the
28add0 
Xspice process that is not running as root (and is launching both
28add0 
vdagent & vdagentd, hence they are not running as root either).
28add0
28add0 
The patch adds two new parameters, uid and gid of the agent used files,
28add0 
namely the virtio unix domain socket and the uinput fifo.
28add0 
---
28add0 
 scripts/Xspice         |  5 ++++-
28add0 
 src/Makefile.am        |  2 ++
28add0 
 src/qxl.h              |  2 ++
28add0 
 src/qxl_driver.c       |  4 ++++
28add0 
 src/spiceqxl_uinput.c  |  2 ++
28add0 
 src/spiceqxl_util.c    | 22 ++++++++++++++++++++++
28add0 
 src/spiceqxl_util.h    |  8 ++++++++
28add0 
 src/spiceqxl_vdagent.c |  2 ++
28add0 
 8 files changed, 46 insertions(+), 1 deletion(-)
28add0 
 create mode 100644 src/spiceqxl_util.c
28add0 
 create mode 100644 src/spiceqxl_util.h
28add0
28add0 
diff --git a/scripts/Xspice b/scripts/Xspice
28add0 
index 17439a1..34a5fcc 100755
28add0 
--- a/scripts/Xspice
28add0 
+++ b/scripts/Xspice
28add0 
@@ -91,6 +91,8 @@ parser.add_argument('--vdagent-uinput-path', default='/tmp/xspice-uinput', help=
28add0 
 parser.add_argument('--vdagentd-exec', default='spice-vdagentd')
28add0 
 parser.add_argument('--vdagent-exec', default='spice-vdagent')
28add0 
 parser.add_argument('--vdagent-no-launch', default=True, action='store_false', dest='vdagent_launch')
28add0 
+parser.add_argument('--vdagent-uid', default=str(os.getuid()))
28add0 
+parser.add_argument('--vdagent-gid', default=str(os.getgid()))
28add0 
 parser.add_argument('--audio-fifo-dir', default='')
28add0
28add0 
 #TODO
28add0 
@@ -231,7 +233,8 @@ var_args = ['port', 'tls_port', 'disable_ticketing',
28add0 
     'tls_ciphers', 'dh_file', 'password', 'image_compression',
28add0 
     'jpeg_wan_compression', 'zlib_glz_wan_compression',
28add0 
     'streaming_video', 'deferred_fps', 'exit_on_disconnect',
28add0 
-    'vdagent_enabled', 'vdagent_virtio_path', 'vdagent_uinput_path']
28add0 
+    'vdagent_enabled', 'vdagent_virtio_path', 'vdagent_uinput_path',
28add0 
+    'vdagent_uid', 'vdagent_gid']
28add0
28add0 
 for arg in var_args:
28add0 
     if getattr(args, arg):
28add0 
diff --git a/src/Makefile.am b/src/Makefile.am
28add0 
index 4c4ae40..bf50ae1 100644
28add0 
--- a/src/Makefile.am
28add0 
+++ b/src/Makefile.am
28add0 
@@ -79,6 +79,8 @@ spiceqxl_drv_la_SOURCES =				\
28add0 
 	qxl.h					\
28add0 
 	qxl_option_helpers.c			\
28add0 
 	qxl_option_helpers.h			\
28add0 
+	spiceqxl_util.h					\
28add0 
+	spiceqxl_util.c					\
28add0 
 	spiceqxl_spice_server.c			\
28add0 
 	spiceqxl_spice_server.h			\
28add0 
 	spiceqxl_io_port.c			\
28add0 
diff --git a/src/qxl.h b/src/qxl.h
28add0 
index c699c58..a44875b 100644
28add0 
--- a/src/qxl.h
28add0 
+++ b/src/qxl.h
28add0 
@@ -147,6 +147,8 @@ enum {
28add0 
     OPTION_SPICE_VDAGENT_ENABLED,
28add0 
     OPTION_SPICE_VDAGENT_VIRTIO_PATH,
28add0 
     OPTION_SPICE_VDAGENT_UINPUT_PATH,
28add0 
+    OPTION_SPICE_VDAGENT_UID,
28add0 
+    OPTION_SPICE_VDAGENT_GID,
28add0 
 #endif
28add0 
     OPTION_COUNT,
28add0 
 };
28add0 
diff --git a/src/qxl_driver.c b/src/qxl_driver.c
28add0 
index 91ba6c2..29b1551 100644
28add0 
--- a/src/qxl_driver.c
28add0 
+++ b/src/qxl_driver.c
28add0 
@@ -142,6 +142,10 @@ const OptionInfoRec DefaultOptions[] =
28add0 
       "SpiceVdagentVirtioPath",   OPTV_STRING,    {.str = spice_vdagent_virtio_path_default}, FALSE},
28add0 
     { OPTION_SPICE_VDAGENT_UINPUT_PATH,
28add0 
       "SpiceVdagentUinputPath",   OPTV_STRING,    {.str = spice_vdagent_uinput_path_default}, FALSE},
28add0 
+    { OPTION_SPICE_VDAGENT_UID,
28add0 
+      "SpiceVdagentUid",          OPTV_INTEGER,    {0}, FALSE},
28add0 
+    { OPTION_SPICE_VDAGENT_GID,
28add0 
+      "SpiceVdagentGid",          OPTV_INTEGER,    {0}, FALSE},
28add0 
 #endif
28add0
28add0 
     { -1, NULL, OPTV_NONE, {0}, FALSE }
28add0 
diff --git a/src/spiceqxl_uinput.c b/src/spiceqxl_uinput.c
28add0 
index 443f931..1e61907 100644
28add0 
--- a/src/spiceqxl_uinput.c
28add0 
+++ b/src/spiceqxl_uinput.c
28add0 
@@ -13,6 +13,7 @@
28add0 
 #include <linux/uinput.h>
28add0
28add0 
 #include "qxl_option_helpers.h"
28add0 
+#include "spiceqxl_util.h"
28add0 
 #include "spiceqxl_inputs.h"
28add0
28add0 
 #include "spiceqxl_uinput.h"
28add0 
@@ -113,6 +114,7 @@ void spiceqxl_uinput_init(qxl_screen_t *qxl)
28add0 
                 uinput_filename, strerror(errno));
28add0 
         return;
28add0 
     }
28add0 
+    spiceqxl_chown_agent_file(qxl, uinput_filename);
28add0 
     uinput_fd = open(uinput_filename, O_RDONLY | O_NONBLOCK, 0666);
28add0 
     if (uinput_fd == -1) {
28add0 
         fprintf(stderr, "spice: failed creating uinput file %s: %s\n",
28add0 
diff --git a/src/spiceqxl_util.c b/src/spiceqxl_util.c
28add0 
new file mode 100644
28add0 
index 0000000..49cd5ab
28add0 
--- /dev/null
28add0 
+++ b/src/spiceqxl_util.c
28add0 
@@ -0,0 +1,22 @@
28add0 
+#include "config.h"
28add0 
+
28add0 
+#include <unistd.h>
28add0 
+#include <string.h>
28add0 
+#include <errno.h>
28add0 
+
28add0 
+#include "qxl_option_helpers.h"
28add0 
+#include "spiceqxl_util.h"
28add0 
+
28add0 
+void spiceqxl_chown_agent_file(qxl_screen_t *qxl, const char *filename)
28add0 
+{
28add0 
+    int uid, gid;
28add0 
+
28add0 
+    uid = get_int_option(qxl->options, OPTION_SPICE_VDAGENT_UID, "XSPICE_VDAGENT_UID");
28add0 
+    gid = get_int_option(qxl->options, OPTION_SPICE_VDAGENT_GID, "XSPICE_VDAGENT_GID");
28add0 
+    if (uid && gid) {
28add0 
+        if (chown(filename, uid, gid) != 0) {
28add0 
+            fprintf(stderr, "spice: failed to chain ownership of '%s' to %d/%d: %s\n",
28add0 
+                    filename, uid, gid, strerror(errno));
28add0 
+        }
28add0 
+    }
28add0 
+}
28add0 
diff --git a/src/spiceqxl_util.h b/src/spiceqxl_util.h
28add0 
new file mode 100644
28add0 
index 0000000..4726bc1
28add0 
--- /dev/null
28add0 
+++ b/src/spiceqxl_util.h
28add0 
@@ -0,0 +1,8 @@
28add0 
+#ifndef SPICEQXL_UTIL_H
28add0 
+#define SPICEQXL_UTIL_H
28add0 
+
28add0 
+#include "qxl.h"
28add0 
+
28add0 
+void spiceqxl_chown_agent_file(qxl_screen_t *qxl, const char *filename);
28add0 
+
28add0 
+#endif
28add0 
diff --git a/src/spiceqxl_vdagent.c b/src/spiceqxl_vdagent.c
28add0 
index fdeddd3..ba04cb8 100644
28add0 
--- a/src/spiceqxl_vdagent.c
28add0 
+++ b/src/spiceqxl_vdagent.c
28add0 
@@ -10,6 +10,7 @@
28add0
28add0 
 #include "qxl_option_helpers.h"
28add0
28add0 
+#include "spiceqxl_util.h"
28add0 
 #include "spiceqxl_uinput.h"
28add0 
 #include "spiceqxl_vdagent.h"
28add0
28add0 
@@ -156,6 +157,7 @@ void spiceqxl_vdagent_init(qxl_screen_t *qxl)
28add0 
                 vdagent_virtio_filename, strerror(errno));
28add0 
         return;
28add0 
     }
28add0 
+    spiceqxl_chown_agent_file(qxl, vdagent_virtio_filename);
28add0 
     c = listen(virtio_fd, 1);
28add0 
     if (c != 0) {
28add0 
         fprintf(stderr, "error listening to unix domain socket: %s\n", strerror(errno));
28add0 
--
28add0 
1.8.3.1
28add0

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation