https://bugs.freedesktop.org/show_bug.cgi?id=72755
--- Comment #11 from Stephan Bergmann <[email protected]> --- (In reply to comment #9) > If (1) or (2) fails when trying $HOME, it will apparently not try again with > /tmp, but just use a plain (read, write, non-exec) allocation. Sorry, I misread our code. In fact, it does create a read/write/exec allocation, or indicate failure if that is denied. (In reply to comment #10) > Would it be possible to try to do the mmaps first, and then if they fail due > to selinux to fallback to doing the file creation? If so, that might fix > it for all three cases (grsecurity, apparmor, and selinux). I'll ask around whether > diff --git a/bridges/source/cpp_uno/shared/vtablefactory.cxx > b/bridges/source/cpp_uno/shared/vtablefactory.cxx > index 2daf76b..999bbc2 100644 > --- a/bridges/source/cpp_uno/shared/vtablefactory.cxx > +++ b/bridges/source/cpp_uno/shared/vtablefactory.cxx > @@ -230,9 +230,14 @@ bool VtableFactory::createBlock(Block &block, sal_Int32 > slotCount) const > sal_Size size = getBlockSize(slotCount); > sal_Size pagesize = sysconf(_SC_PAGESIZE); > block.size = (size + (pagesize - 1)) & ~(pagesize - 1); > - block.start = block.exec = NULL; > block.fd = -1; > > + // Try non-doublemmaped allocation first: > + block.start = block.exec = rtl_arena_alloc(m_arena, &block.size); > + if (block.start != nullptr) { > + return true; > + } > + > osl::Security aSecurity; > OUString strDirectory; > OUString strURLDirectory; 
> @@ -290,12 +295,6 @@ bool VtableFactory::createBlock(Block &block, sal_Int32 > slotCount) const > > strDirectory = OUString(); > } > - if (!block.start || !block.exec || block.fd == -1) > - { > - //Fall back to non-doublemmaped allocation > - block.fd = -1; > - block.start = block.exec = rtl_arena_alloc(m_arena, &block.size); > - } > return (block.start != 0 && block.exec != 0); > } > would have any unwanted consequences on SELinux (like flooding some audit log). (Some notes about observations on my Fedora 20 box with SELinux enforced: * I need to explicitly "sudo setsebool deny_execmem on" to make mmap/mprotect fail for write+exec mappings. * Neither OpenJDK 1.7 nor 1.8 appear to be prepared to work with deny_execmem on, already "java -version" fails. Only GCJ 1.5 appears to potentially be prepared, at least "java -version" works there. * The GNOME desktop appears to not be prepared to work with deny_execmem on. It started to crash/freeze for me in weird ways---at which point I stopped my experiments with LO under deny_execmem on.) -- You are receiving this mail because: You are the assignee for the bug.
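Review bot: In the first hunk, the new early `rtl_arena_alloc(m_arena, &block.size)` attempt makes the single read/write/exec allocation the default wherever the policy permits it, so the file-backed double-mmap path now runs only when that allocation is denied. If that ordering is intended, the comment "Try non-doublemmaped allocation first" should say why it is preferred. Where the allocation is denied, the attempt is also repeated on every createBlock call, which is the audit-log concern raised in this comment; remembering the first failure and skipping the attempt afterwards would avoid that.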
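Review bot: In the second hunk, deleting the post-loop fallback also deletes the only visible place after the loop that reset `block.fd = -1` and overwrote `block.start` and `block.exec`, so the final `return (block.start != 0 && block.exec != 0);` now depends on the directory loop leaving both pointers null and the descriptor cleaned up on every failed attempt. Please confirm that in the loop body, which this hunk does not show. The return could also compare against `nullptr` to match the check added in the first hunk.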
