https://bugs.freedesktop.org/show_bug.cgi?id=73473
--- Comment #8 from Amadeusz <[email protected]> --- Created attachment 92300 --> https://bugs.freedesktop.org/attachment.cgi?id=92300&action=edit patch adding check for PaX mprotect As I said on #gentoo-hardened channel, I wouldn't like to see the SELinux part of this patch to be merged. Provided SELinux check effectively requires allowing all applications to be allowed access to write|exec memory regardless of if it is needed or not. I tested patch without the SELinux part and it worked fine on my PaX & SELinux enabled system. Starting glxgears didn't bring down whole X server as was the case before applying patch ;) . If one wants to avoid "grsec: denied RWX mmap" messages probably something along the lines of patch I attached (based on checks from the SELinux one and http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/libffi/files/libffi-3.0.13-emutramp_pax_proc.patch?revision=1.2&view=markup) would be needed. -- You are receiving this mail because: You are the assignee for the bug.
_______________________________________________ Nouveau mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/nouveau
