solaris-desktop/patches/gdm-04-smf.diff

18159N/A--- gdm-2.29.5/acconfig.h-orig  2010-01-20 12:25:31.161980534 -0600
18159N/A+++ gdm-2.29.5/acconfig.h   2010-01-20 12:25:49.994672342 -0600
18159N/A@@ -30,6 +30,7 @@
18159N/A #undef HAVE_SETENV
18159N/A #undef HAVE_SETRESUID
18159N/A #undef HAVE_SHADOW
18159N/A+#undef HAVE_SMF_CONTRACTS
18159N/A #undef HAVE_SOLARIS_XINERAMA
18159N/A #undef HAVE_STPCPY
18159N/A #undef HAVE_SYS_SOCKIO_H
18159N/A--- gdm-2.29.5/configure.ac-orig    2010-01-20 12:24:46.259973144 -0600
18159N/A+++ gdm-2.29.5/configure.ac 2010-01-20 12:25:25.298947638 -0600
18159N/A@@ -951,6 +951,14 @@ if test "x$enable_rbac_shutdown" != "xno
18159N/A fi
18159N/A AC_SUBST(RBAC_LIBS)
18159N/A
18159N/A+dnl ---------------------------------------------------------------------------
18159N/A+dnl check for Solaris SMF contract support
18159N/A+dnl ---------------------------------------------------------------------------
18159N/A+
18159N/A+AC_MSG_CHECKING(for Solaris SMF contract support)
18159N/A+AC_CHECK_LIB(contract, ct_tmpl_activate, [
18159N/A+           AC_DEFINE(HAVE_SMF_CONTRACTS)
18159N/A+                            EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -lcontract" ])
18159N/A
18159N/A dnl ---------------------------------------------------------------------------
18159N/A dnl check for backtrace support
18159N/A--- gdm-2.29.5/daemon/gdm-slave-proxy.c-orig    2010-01-20 12:26:18.196290065 -0600
18159N/A+++ gdm-2.29.5/daemon/gdm-slave-proxy.c 2010-01-20 12:30:40.753432413 -0600
18159N/A@@ -30,6 +30,13 @@
18159N/A #include <errno.h>
18159N/A #include <signal.h>
18159N/A
18159N/A+#ifdef HAVE_SMF_CONTRACTS
18159N/A+#include <sys/ctfs.h>
18159N/A+#include <sys/contract.h>
18159N/A+#include <sys/contract/process.h>
18159N/A+#include <libcontract.h>
18159N/A+#endif
18159N/A+
18159N/A #include <glib.h>
18159N/A #include <glib/gi18n.h>
18159N/A #include <glib/gstdio.h>
18159N/A@@ -129,9 +136,145 @@ typedef struct {
18159N/A         const char *log_file;
18159N/A } SpawnChildData;
18159N/A
18159N/A+#ifdef HAVE_SMF_CONTRACTS
18159N/A+static int contracts_fd = -1;
18159N/A+
18159N/A+void
18159N/A+contracts_pre_fork ()
18159N/A+{
18159N/A+   const char *errmsg = "opening process contract template";
18159N/A+
18159N/A+        /*
18159N/A+         * On failure, just continue since it is better to start with
18159N/A+         * children in the same contract than to not start them at all.
18159N/A+         */
18159N/A+        if (contracts_fd == -1) {
18159N/A+                if ((contracts_fd = open64 (CTFS_ROOT "/process/template",
18159N/A+                                            O_RDWR)) == -1)
18159N/A+                        goto exit;
18159N/A+
18159N/A+                errmsg = "setting contract terms";
18159N/A+                if ((errno = ct_pr_tmpl_set_param (contracts_fd, CT_PR_PGRPONLY)))
18159N/A+                        goto exit;
18159N/A+
18159N/A+                if ((errno = ct_tmpl_set_informative (contracts_fd, CT_PR_EV_HWERR)))
18159N/A+                        goto exit;
18159N/A+
18159N/A+                if ((errno = ct_pr_tmpl_set_fatal (contracts_fd, CT_PR_EV_HWERR)))
18159N/A+                        goto exit;
18159N/A+
18159N/A+                if ((errno = ct_tmpl_set_critical (contracts_fd, 0)))
18159N/A+                        goto exit;
18159N/A+        }
18159N/A+
18159N/A+        errmsg = "setting active template";
18159N/A+        if ((errno = ct_tmpl_activate (contracts_fd)))
18159N/A+                goto exit;
18159N/A+
18159N/A+        g_debug ("Set active contract");
18159N/A+        return;
18159N/A+
18159N/A+exit:
18159N/A+            if (contracts_fd != -1)
18159N/A+                (void) close (contracts_fd);
18159N/A+
18159N/A+        contracts_fd = -1;
18159N/A+
18159N/A+        if (errno) {
18159N/A+                g_debug (
18159N/A+                        "Error setting up active contract template: %s while %s",
18159N/A+                        strerror (errno), errmsg);
18159N/A+        }
18159N/A+}
18159N/A+
18159N/A+void
18159N/A+contracts_post_fork_child ()
18159N/A+{
18159N/A+        /* Clear active template so no new contracts are created on fork */
18159N/A+        if (contracts_fd == -1)
18159N/A+                return;
18159N/A+
18159N/A+        if ((errno = (ct_tmpl_clear (contracts_fd)))) {
18159N/A+                g_debug (
18159N/A+                        "Error clearing active contract template (child): %s",
18159N/A+                        strerror (errno));
18159N/A+        } else {
18159N/A+                g_debug ("Cleared active contract template (child)");
18159N/A+        }
18159N/A+
18159N/A+        (void) close (contracts_fd);
18159N/A+
18159N/A+        contracts_fd = -1;
18159N/A+}
18159N/A+
18159N/A+void
18159N/A+contracts_post_fork_parent (int fork_succeeded)
18159N/A+{
18159N/A+        char path[PATH_MAX];
18159N/A+        int cfd;
18159N/A+        ct_stathdl_t status;
18159N/A+        ctid_t latest;
18159N/A+
18159N/A+        /* Clear active template, abandon latest contract. */
18159N/A+        if (contracts_fd == -1)
18159N/A+                return;
18159N/A+
18159N/A+        if ((errno = ct_tmpl_clear (contracts_fd)))
18159N/A+                g_debug ("Error while clearing active contract template: %s",
18159N/A+                         strerror (errno));
18159N/A+        else
18159N/A+                g_debug ("Cleared active contract template (parent)");
18159N/A+
18159N/A+        if (!fork_succeeded)
18159N/A+                return;
18159N/A+
18159N/A+        if ((cfd = open64 (CTFS_ROOT "/process/latest", O_RDONLY)) == -1) {
18159N/A+                g_debug ("Error getting latest contract: %s",
18159N/A+                         strerror(errno));
18159N/A+                return;
18159N/A+        }
18159N/A+
18159N/A+        if ((errno = ct_status_read (cfd, CTD_COMMON, &status)) != 0) {
18159N/A+                g_debug ("Error getting latest contract ID: %s",
18159N/A+                         strerror(errno));
18159N/A+                (void) close (cfd);
18159N/A+                return;
18159N/A+        }
18159N/A+
18159N/A+        latest = ct_status_get_id (status);
18159N/A+        ct_status_free (status);
18159N/A+        (void) close (cfd);
18159N/A+
18159N/A+        if ((snprintf (path, PATH_MAX, CTFS_ROOT "/all/%ld/ctl", latest)) >=
18159N/A+             PATH_MAX) {
18159N/A+                g_debug ("Error opening the latest contract ctl file: %s",
18159N/A+                         strerror (ENAMETOOLONG));
18159N/A+                return;
18159N/A+        }
18159N/A+
18159N/A+        cfd = open64 (path, O_WRONLY);
18159N/A+        if (cfd == -1) {
18159N/A+                g_debug ("Error opening the latest contract ctl file: %s",
18159N/A+                         strerror (errno));
18159N/A+                return;
18159N/A+        }
18159N/A+
18159N/A+        if ((errno = ct_ctl_abandon (cfd)))
18159N/A+                g_debug ("Error abandoning latest contract: %s",
18159N/A+                         strerror (errno));
18159N/A+        else
18159N/A+                g_debug ("Abandoned latest contract");
18159N/A+
18159N/A+        (void) close (cfd);
18159N/A+}
18159N/A+#endif HAVE_SMF_CONTRACTS
18159N/A+
18159N/A static void
18159N/A spawn_child_setup (SpawnChildData *data)
18159N/A {
18159N/A+#ifdef HAVE_SMF_CONTRACTS
18159N/A+        contracts_post_fork_child ();
18159N/A+#endif
18159N/A
18159N/A         if (data->log_file != NULL) {
18159N/A                 int logfd;
18159N/A@@ -174,6 +317,10 @@ spawn_command_line_async (const char *co
18159N/A
18159N/A         data.log_file = log_file;
18159N/A
18159N/A+#ifdef HAVE_SMF_CONTRACTS
18159N/A+    contracts_pre_fork ();
18159N/A+#endif
18159N/A+
18159N/A         local_error = NULL;
18159N/A         res = g_spawn_async (NULL,
18159N/A                              argv,
18159N/A@@ -190,6 +337,10 @@ spawn_command_line_async (const char *co
18159N/A                 goto out;
18159N/A         }
18159N/A
18159N/A+#ifdef HAVE_SMF_CONTRACTS
18749N/A+        contracts_post_fork_parent ((*child_pid > 0));
18159N/A+#endif
18159N/A+
18159N/A         ret = TRUE;
18159N/A  out:
18159N/A         g_strfreev (argv);