diff options
author | Adam Jackson <ajax@redhat.com> | 2008-02-15 13:49:12 -0500 |
---|---|---|
committer | Adam Jackson <ajax@redhat.com> | 2008-02-15 13:49:12 -0500 |
commit | 66611f2298539fa28a3667c02ca4013602634d3d (patch) | |
tree | 74b1b70e0b90eebb9792a71a7057d42106c9014c /src/mesa | |
parent | bf4a0fafc86bba8dc868cf30244a237e33645164 (diff) |
Trivial SELinux awareness. Enable with --enable-selinux.
Avoids AVC warnings when allocating executable memory by first checking
if the current process has permission to do so.
Diffstat (limited to 'src/mesa')
-rw-r--r-- | src/mesa/main/execmem.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/mesa/main/execmem.c b/src/mesa/main/execmem.c index 40f66d7da2..b40a2de8fa 100644 --- a/src/mesa/main/execmem.c +++ b/src/mesa/main/execmem.c @@ -47,6 +47,10 @@ #include <sys/mman.h> #include "mm.h" +#ifdef MESA_SELINUX +#include <selinux/selinux.h> +#endif + #define EXEC_HEAP_SIZE (10*1024*1024) _glthread_DECLARE_STATIC_MUTEX(exec_mutex); @@ -55,9 +59,17 @@ static struct mem_block *exec_heap = NULL; static unsigned char *exec_mem = NULL; -static void +static int init_heap(void) { +#ifdef MESA_SELINUX + if (is_selinux_enabled()) { + if (!security_get_boolean_active("allow_execmem") || + !security_get_boolean_pending("allow_execmem")) + return 0; + } +#endif + if (!exec_heap) exec_heap = mmInit( 0, EXEC_HEAP_SIZE ); @@ -65,6 +77,8 @@ init_heap(void) exec_mem = (unsigned char *) mmap(0, EXEC_HEAP_SIZE, PROT_EXEC | PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + + return (exec_mem != NULL); } @@ -76,7 +90,8 @@ _mesa_exec_malloc(GLuint size) _glthread_LOCK_MUTEX(exec_mutex); - init_heap(); + if (!init_heap()) + goto bail; if (exec_heap) { size = (size + 31) & ~31; @@ -87,7 +102,8 @@ _mesa_exec_malloc(GLuint size) addr = exec_mem + block->ofs; else _mesa_printf("_mesa_exec_malloc failed\n"); - + +bail: _glthread_UNLOCK_MUTEX(exec_mutex); return addr; |