Magnus Granberg <zo...@gentoo.org> writes: > This patch add new configure options to enable readonly text segments > for x86 For any apps that use any libGL with writeble text segments > on x86 with a Grsec/PaX/Selinux enable kernel get killed with cannot > make segment writable for relocation: Permission denied. This > patch was okay with Dan Nicholson from the old mesa3d-dev ml on > sourceforge.com byt fas never commited.
Uhh.. what's the point? If you --enable-glx-tls, then Mesa plays well with SELinux. I did notice a bug a while back, where on x86 (and not x86_64!) a define wasn't propagating correctly and this resulted in a lone unrelocatable symbol. I actually have trouble finding an x86 system these days, to be quite honest. I'll see if I can dig up that patch and send it to you off-list. If you can test it for me && submit it to this dev-list, I'd be grateful. I'd vote that it get fixed that way instead of a new, redundant configure option. Especially since I plan on making --enable-glx-tls a default=autodetect instead of default=disabled option soon enough. Side note to your or anyone, IMHO if you're building for a Linux distro you almost assuredly want to force --enable-glx-tls. The only reason it's not the default is for esoteric systems / runtimes (i.e. not the nornmal Linux situation) that have not managed to implement TLS yet. -tom > http://marc.info/?l=mesa3d-dev&m=125972126112796&w=2 > > /Magnus > --- > > --Boundary-00=_rwxUNrN97g4U9RI > Content-Type: text/x-patch; > charset="UTF-8"; > name="glx_ro_text_segm.patch" > Content-Transfer-Encoding: 7bit > Content-Disposition: attachment; > filename="glx_ro_text_segm.patch" > > 2011-02-09 Jeremy Huddleston <jerem...@freedesktop.org > > * configure.ac add support to enable readonly test segment on > x86 > > --- configure.ac.orig 2008-11-17 23:19:38.000000000 +0100 > +++ configure.ac 2008-11-17 23:20:17.000000000 +0100 > @@ -499,6 +499,20 @@ > enable_xcb=no > fi > > + > +dnl readonly text segment on x86 hardened platforms > +AC_ARG_ENABLE([glx_rts], > + [AS_HELP_STRING([--enable-glx-rts], > + [on x86, use a readonly text segment for libGL @<:@default=disabled@ > :>@])], > + [enable_glx_rts="$enableval"], > + [enable_glx_rts=no]) > +if test "x$enable_glx_rts" = xyes; then > + DEFINES="$DEFINES -DGLX_X86_READONLY_TEXT" > +else > + enable_glx_rts=no > +fi > + > + > dnl > dnl libGL configuration per driver > dnl > > --Boundary-00=_rwxUNrN97g4U9RI > Content-Type: text/plain; charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > _______________________________________________ > mesa-dev mailing list > mesa-dev@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/mesa-dev > > --Boundary-00=_rwxUNrN97g4U9RI-- _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev