With the recent systemd-logind changes it is possible to install the Xorg
binary without suid root rights and still have everything working as it
should *if* the user only has cards which are supported by kms.
This commit adds a little suid root wrapper, which is a bit weird, first we
strip the suid-root bit of the Xorg binary, and then we add a wrapper ?
The function of this wrapper is to see if a system still needs root-rights,
if it does not (it supports kms and the kms drivers are properly loaded),
then it will immediately drop all elevated rights before executing the real
Xorg binary. If it finds (some) cards which don't support kms, or no cards
at all, then it will execute the Xorg server with elevated rights so that
ie the nvidia binary driver and the vesa driver can keep working normally.
To make it possible for security conscious users who don't need the root
rights to completely remove the wrapper, Xorg is started in a 3 step process
when the wrapper is enabled during build time:
1) A simple shell script which checks if the wrapper is there, if it is
it executes the wrapper, if not it directly executes the real Xorg binary
2) The wrapper gets executed, does its checks, normally drops all elevated
rights and then executes the real Xorg binary
3) The real Xorg binary does its thing
This allows distributions to put the wrapper binary in a separate package, and
will allow users to remove this package. IE the plan with Fedora is to make
"legacy" drivers depend on the wrapper pkg, and since our default install
contains some legacy drivers it will be part of the default install, but
users can later yum remove it (which will also automatically remove the
legacy driver packages as those won't work without it anyways).
The wrapper is loosely modelled after the existing Debian Xwrapper, it
uses the same config-file + config-file format, and also allows restricting
Xserver execution (through the wrapper) to console users only.
There also is a new needs_root_rights config file directive, which can
be used to override the auto-detection the wrapper does.
Hopefully this will allow Debian to replace their own wrapper with this
upstream one.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
This is not exposing the API we want long term, but it should get
existing DDX drivers up and running while we massage the API into
shape.
v2: Use LIBADD instead of LDFLAGS to fix deps on libglamor.la, and use
version 0.5.1 (the point it was forked from the external repo).
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
v2: Avoid making the Ximage for the screen that we'll never use, and
drive the screen pixmap creation for glamor ourselves.
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Keith Packard <keithp@keithp.com> (v1)
Reviewed-by: Adam Jackson <ajax@redhat.com>
This commit adds the bulk of the systemd-logind integration code, but does
not hook it up yet other than calling its init and fini functions, which
don't do that much.
Note the configure bits check for udev since systemd-logind use will only be
supported in combination with udev. Besides that it only checks for dbus
since all communication with systemd-logind is happening over dbus, so
no further libs are needed.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Libepoxy hides all the GL versus GLES2 dispatch handling for us, with
higher performance.
v2: Squash in the later patch to drop the later of two repeated
glamor_get_dispatch()es instead (caught by keithp)
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
libglx.so is linked against libGL.so, but Xorg itself should not be.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
With systemd-logind the dbus-core will be used for more than just config, so
it should be possible to build it even when using a non dbus dependent config
backend.
This patch also removes the config_ prefix from the dbus-core symbols.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
This API has been disabled by default since 1.4, the first release it came in.
There are no known users of it and even its direct replacement (HAL) has
been superseded by udev on supported platforms since 1.8.
This code is untested, probably hasn't been compiled in years and should not
be shipped.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
PseudoramiXExtensionInit() is not defined in extinit.h if it won't be
used and we get a compiler warning when compiling the pseudoramiX code.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
For now we're just building an uninstalled library. The extra EGL
stubs are required so that we can get the DIX building and usable
without pulling in the xf86 DDX code in glamor_egl.c.
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Zhigang Gong <zhigang.gong@linux.intel.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
A warning about the macro generating the warnings to the user...
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
The code produced in the configure script is identical.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
The code produced in the configure script is identical.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
We can also make do without the workaround introduced in 2005.
The 2.60 autoconf minimum version covers that now.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
LT_PREREQ([2.2])
LT_INIT
AC_CONFIG_MACRO_DIR([m4]) is recommended to locate local macros,
which is fully used starting automake 1.14.
ACLOCAL_AMFLAGS in Makefile.am is deprecated since automake 1.14.
The comment is to prevent developers from removing the statement
as suggested in 1.14 which would break earlier versions.
Automake 1.14 is already in use by many.
This patch works on versions prior and post 1.14
References:
Building the X Window System from Source:
http://www.x.org/wiki/Building_the_X_Window_System/#index2h3
Discussion on xorg minimum autotools requirements:
http://lists.x.org/archives/xorg-devel/2013-October/038325.html
Tested with autoconf 2.60, automake 1.10.3 and libtool 2.2
The same upgrade will be applied to libraries and drivers.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
Signed-off-by: Keith Packard <keithp@keithp.com>
It's clearly un-loved, having piles and piles of warnings. If someone
wants to fix it up to compile without warnings, we can re-enable it.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
v1: Rewrite by Marc Haesen of the WGL wrapper function generation script to use
Khronos group XML.
v2: Remove -dispatchheader option, since dispatch.h doesn't exist anymore, use
the private glapi interface to construct the GL dispatch table for the native
WGL thunks.
v3:
Rewrite to generate shims for the OpenGL 1.2.1 (GL 1.2 + GL_ARB_imaging
+GL_ARB_multitexture + GL_ARB_texture_compression(?)) functions the server links
directly with rather than libGL.
These shims dispatch to either the mesa GL DLL, or a thunking DLL containing
cdecl-to-stdcall wrapper functions for the native GL DLL.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Adam Jackson <ajax@redhat.com>
On 16/11/2013 01:00, Connor Behan wrote:
> A --disable-pciaccess build will fail with an int10 module other than
> stub.
>
> Signed-off-by: Connor Behan <connor.behan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> ---
> configure.ac | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/configure.ac b/configure.ac
> index 5e621e0..a843770 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1822,6 +1822,9 @@ if test "x$XORG" = xyes; then
> if test "x$CONFIG_UDEV_KMS" = xyes; then
> AC_MSG_ERROR([Platform device enumeration requires libpciaccess])
> fi
> + if test "x$INT10" != xstub; then
> + AC_MSG_ERROR([Cannot build int10 without libpciaccess])
> + fi
> fi
> AC_MSG_RESULT([$PCI])
>
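Review bot: the added test "x$INT10" != xstub inside the no-libpciaccess branch looks only at which int10 backend is selected, not at whether the int10 module is going to be built at all, so a configuration that disables the module while INT10 still holds a non-stub value is rejected even though nothing in it needs libpciaccess. Guard the AC_MSG_ERROR on the int10 module being enabled as well, and consider having the message say that the stub backend is the one that works without libpciaccess.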
This causes my build to fail where --disable-int10-module --disable-pciaccess
is the default (as INT10 still has the default value 'x86emu')
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Tested-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
libxshmfence had an unfortunate 'int32_t' type for the mapped fence.
That changed to exposing a 'struct shmfence' instead, which is nice
and opaque and offers fine type checking across the API.
This patch requires the newer version of the library and uses
the new interface type.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
By default, this looks through a list of directories to find one which
exists, but can be overridden with --with-shared-memory-dir=PATH
This patch doesn't actually do anything with this directory, just
makes it available in the configuration
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
A --disable-pciaccess build will fail with an int10 module other than
stub.
Signed-off-by: Connor Behan <connor.behan@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
There is currently no reason to build with --enable-config-udev-kms and
--disable-pciaccess but anyone who tries this should know that the build
will fail.
Signed-off-by: Connor Behan <connor.behan@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Since all the inb/outb/etc. use in the X server itself (except for
xf86SlowBcopy) has been replaced by calls to libpciaccess, we no
longer need to pass inline assembly files to replace the gcc inline
assembly from hw/xfree86/common/compiler.h when building Xorg itself.
The .il files are still generated and installed in the SDK for the
benefit of drivers who may use them.
Binary diff of before and after showed that xf86SlowBcopy was the
only function changed across the Xorg binary and all modules built
in the Xserver build, it just calls the outb() function now instead
of having the outb instructions inlined, making it a slightly slower
bcopy.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Requires passing through the __EXTENSIONS__ and _XOPEN_SOURCE defines
in order to expose the msg_control members in struct msghdr.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
If a client passes a section of memory via file descriptor and then
subsequently truncates that file, the underlying pages will be freed
and the addresses invalidated. Subsequent accesses to the page will
fail with a SIGBUS error.
Trap that SIGBUS, figure out which segment was causing the error and
then allocate new pages to fill in for that region. Mark the offending
shared segment as invalid and free the resource ID so that the client
will be able to tell when subsequently attempting to use the segment.
Signed-off-by: Keith Packard <keithp@keithp.com>
v2: Use MAP_FIXED to simplify the recovery logic (Mark Kettenis)
v3: Also catch errors in ShmCreateSegment
Conflicts:
include/dix-config.h.in
include/xorg-config.h.in
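
The SIGBUS recovery described in the commit message above, reduced to a single segment, as an added example (not the server's own code). The struct, the function names and the temporary file standing in for a client-supplied descriptor are constructed for illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical bookkeeping for one client-supplied shared segment;
 * a real server would track a list of these. */
struct segment { char *addr; size_t size; volatile sig_atomic_t invalid; };
static struct segment seg;

/* SIGBUS handler: if the fault lies inside the tracked segment, map fresh
 * zero-filled pages over it with MAP_FIXED and mark the segment invalid. */
static void on_sigbus(int sig, siginfo_t *info, void *ctx)
{
    char *fault = info->si_addr;
    (void)sig; (void)ctx;
    if (!seg.addr || fault < seg.addr || fault >= seg.addr + seg.size)
        _exit(1);    /* fault is not in a client segment: do not mask it */
    if (mmap(seg.addr, seg.size, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0) == MAP_FAILED)
        _exit(1);
    seg.invalid = 1; /* later requests naming this segment can be refused */
}

/* Constructed scenario: map a one-page file, truncate it as a client could,
 * then read it. Returns 0 if the read survived and the segment was flagged. */
int demo_truncated_segment(void)
{
    char path[] = "/tmp/shmdemoXXXXXX";
    struct sigaction sa = { 0 };
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path);
    if (fd < 0 || unlink(path) < 0 || ftruncate(fd, (off_t)len) < 0)
        return -1;
    seg.addr = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (seg.addr == MAP_FAILED)
        return -1;
    seg.size = len; seg.invalid = 0;
    sa.sa_sigaction = on_sigbus;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGBUS, &sa, NULL) < 0 || ftruncate(fd, 0) < 0)
        return -1;
    char c = *(volatile char *)seg.addr; /* faults, handler remaps, retried */
    close(fd);
    return (c == 0 && seg.invalid) ? 0 : -1;
}

int main(void) { return demo_truncated_segment() == 0 ? 0 : 1; }
```

Without the handler the read after the second ftruncate() would terminate the process, which is how a single client could take the whole server down.
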
This includes the MIT-SHM FD passing requests
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Until other operating systems have a libXtrans port for FD passing,
disable this on non-Linux systems.
Note that this define affects how libXtrans gets built into the X
server, which is why it need only define the symbol
Signed-off-by: Keith Packard <keithp@keithp.com>
The GLX section of configure.ac checks the state of DRI2, so it
needs to be after DRI2=auto is resolved.
Also reset libgl requirement to 7.1.0 in non-dri2 case.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
This gets the server to link with xshmfence again, and also ensures
that the miSyncShm code is linked into the server with the reference
from sdksyms.
Signed-off-by: Keith Packard <keithp@keithp.com>