packages/rtkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:ce0217e9beacb214daba774f8162bd6f08849ec8
Branches Tags
packages:main
..
compare: packages:cd4e77f0c106ef2f63d1880f108322fa1a0e6c16
Branches Tags
packages:main

No commits in common. "ce0217e9beacb214daba774f8162bd6f08849ec8" and "cd4e77f0c106ef2f63d1880f108322fa1a0e6c16" have entirely different histories.
ce0217e9be ... cd4e77f0c1

8 changed files with 103 additions and 33 deletions
Show Stats Expand all files Collapse all files

48
0001-SECURITY-Pass-uid-of-caller-to-polkit.patch Normal file
View File

@ -0,0 +1,48 @@
From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 22 Aug 2013 16:05:22 -0400
Subject: [PATCH] [SECURITY] Pass uid of caller to polkit
Otherwise, we force polkit to look up the uid itself in /proc, which
is racy if they execve() a setuid binary.
---
rtkit-daemon.c | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/rtkit-daemon.c b/rtkit-daemon.c
index 2ebe673..3ecc1f7 100644
--- a/rtkit-daemon.c
+++ b/rtkit-daemon.c
@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
DBusMessage *m = NULL, *r = NULL;
const char *unix_process = "unix-process";
const char *pid = "pid";
+ const char *uid = "uid";
const char *start_time = "start-time";
const char *cancel_id = "";
uint32_t flags = 0;
uint32_t pid_u32 = p->pid;
- uint64_t start_time_u64 = p->starttime;
+ uint32_t uid_u32 = (uint32_t)u->uid;
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
+ uint64_t start_time_u64 = p->starttime;
int ret;
dbus_bool_t authorized = FALSE;
@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
+ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
+ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
+ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
+ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
+
assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
--
1.7.1

13
format-security.patch Normal file
View File

@ -0,0 +1,13 @@
diff -ruN rtkit-0.11.orig/Makefile.am rtkit-0.11/Makefile.am
--- rtkit-0.11.orig/Makefile.am 2017-05-12 12:56:52.245623657 -0400
+++ rtkit-0.11/Makefile.am 2017-05-12 13:24:27.206304970 -0400
@@ -18,6 +18,8 @@
AM_CFLAGS = $(WARNINGFLAGS) $(PTHREAD_CFLAGS)
AM_LDFLAGS = $(GCLDFLAGS)
+CFLAGS += -Wno-error=format-security
+
ACLOCAL_AMFLAGS = -I m4
policykitdir = $(datadir)/polkit-1/actions/
Binary files rtkit-0.11.orig/.Makefile.am.swp and rtkit-0.11/.Makefile.am.swp differ

BIN
rtkit-0.11.tar.gz Normal file
View File

Binary file not shown.

14
rtkit-controlgroup.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git rtkit-0.11/rtkit-daemon.service.in~ rtkit-0.11/rtkit-daemon.service.in
index 3dfefa6..d0dc786 100644
--- rtkit-0.11/rtkit-daemon.service.in~
+++ rtkit-0.11/rtkit-daemon.service.in
@@ -27,9 +27,5 @@ CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CH
PrivateTmp=yes
PrivateNetwork=yes
-# Work around the fact that the Linux currently doesn't assign any RT
-# budget to CPU control groups that have none configured explicitly
-ControlGroup=cpu:/
-
[Install]
WantedBy=graphical.target

12
rtkit-mq_getattr.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/configure.ac b/configure.ac
index 5a77363..45721a5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -112,6 +112,7 @@ CC="$PTHREAD_CC"
AC_SEARCH_LIBS([sched_setscheduler], [rt])
AC_SEARCH_LIBS([clock_gettime], [rt])
+AC_SEARCH_LIBS([mq_getattr], [rt])
AC_SEARCH_LIBS([cap_init], [cap])
PKG_CHECK_MODULES(DBUS, dbus-1)

45
rtkit.spec
View File

@ -1,17 +1,20 @@
%global revision 20161005
Name: rtkit Name: rtkit
Version: 0.13 Version: 0.11
Release: 1 Release: 25
Summary: REALTIMEKIT Realtime Policy and Watchdog Daemon Summary: REALTIMEKIT Realtime Policy and Watchdog Daemon
License: GPLv3+ and BSD License: GPLv3+ and BSD
URL: https://github.com/heftig/rtkit URL: https://github.com/heftig/rtkit
Source0: %{url}/archive/refs/tags/v%{version}.tar.gz Source0: https://github.com/heftig/rtkit/releases/download/v0.12/%{name}-%{version}.tar.gz
BuildRequires: systemd dbus-devel libcap-devel polkit-devel libtool autoconf automake BuildRequires: systemd dbus-devel libcap-devel polkit-devel libtool autoconf automake
BuildRequires: vim-common
Requires: dbus polkit Requires: dbus polkit
Patch1: rtkit-mq_getattr.patch
Patch2: 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
Patch3: rtkit-controlgroup.patch
Patch4: format-security.patch
%systemd_requires %systemd_requires
%package_help %package_help
@ -27,14 +30,17 @@ be used by normal user processes.
%autosetup -n %{name}-%{version} -p1 %autosetup -n %{name}-%{version} -p1
%build %build
./autogen.sh
autoreconf -vif autoreconf -vif
export CFLAGS="%{optflags} -Wno-error=format-security" %configure --with-systemdsystemunitdir=%{_unitdir}
%configure --with-systemdsystemunitdir=%{_unitdir} --libexecdir=%{_libexecdir}/rtkit
%make_build V=1 %make_build V=1
./rtkit-daemon --introspect > org.freedesktop.RealtimeKit1.xml ./rtkit-daemon --introspect > org.freedesktop.RealtimeKit1.xml
%install %install
make install DESTDIR=%{buildroot} make install DESTDIR=%{buildroot}
mkdir %{buildroot}%{_datadir}/dbus-1/interfaces/
cp %{_builddir}/%{name}-%{version}/org.freedesktop.RealtimeKit1.xml \
%{buildroot}%{_datadir}/dbus-1/interfaces/org.freedesktop.RealtimeKit1.xml
%pre %pre
getent group rtkit >/dev/null 2>&1 || groupadd -r -g 172 rtkit getent group rtkit >/dev/null 2>&1 || groupadd -r -g 172 rtkit
@ -56,37 +62,18 @@ dbus-send --system --type=method_call \
%files %files
%doc rtkit.c rtkit.h README %doc rtkit.c rtkit.h README
%license GPL LICENSE %license GPL LICENSE
%attr(0755,root,root) %{_libexecdir}/rtkit/rtkit-daemon %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.RealtimeKit1.conf
%attr(0755,root,root) %{_libexecdir}/rtkit-daemon
%attr(0755,root,root) %{_sbindir}/rtkitctl %attr(0755,root,root) %{_sbindir}/rtkitctl
%attr(0644,root,root) %{_datadir}/dbus-1/interfaces/org.freedesktop.RealtimeKit1.xml %attr(0644,root,root) %{_datadir}/dbus-1/interfaces/org.freedesktop.RealtimeKit1.xml
%{_datadir}/dbus-1/system-services/*.service %{_datadir}/dbus-1/system-services/*.service
%{_datadir}/polkit-1/actions/*.policy %{_datadir}/polkit-1/actions/*.policy
%{_unitdir}/rtkit-daemon.service %{_unitdir}/rtkit-daemon.service
%{_libexecdir}/rtkit/installed-tests/rtkit/rtkit-test
%{_datadir}/dbus-1/system.d/org.freedesktop.RealtimeKit1.conf
%files help %files help
%{_mandir}/man8/rtkitctl.8.gz %{_mandir}/man8/rtkitctl.8.gz
%changelog %changelog
* Thu Oct 19 2023 li weigang - <weigangli99@gmail.com> - 0.13-1
- Type: update
- ID: NA
- SUG: NA
- DESC: update to version 0.13
* Fri Sep 11 2020 chengguipeng<chengguipeng1@huawei.com> - 0.11-27
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:modify source0 url
* Wed Jan 8 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.11-26
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:optimization the spec
* Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.11-25 * Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.11-25
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA

4
rtkit.yaml
View File

@ -1,4 +0,0 @@
version_control: github
src_repo: heftig/rtkit
tag_prefix: "^v"
seperator: "."

BIN
v0.13.tar.gz
View File

Binary file not shown.