rpms/xorg-x11-server/devel xserver-1.6.0-selinux-nlfd.patch, NONE, 1.1 xorg-x11-server.spec, 1.424, 1.425

Adam Jackson ajax at fedoraproject.org
Thu Mar 12 17:34:30 UTC 2009


Author: ajax

Update of /cvs/pkgs/rpms/xorg-x11-server/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1540

Modified Files:
	xorg-x11-server.spec 
Added Files:
	xserver-1.6.0-selinux-nlfd.patch 
Log Message:
* Thu Mar 12 2009 Adam Jackson <ajax at redhat.com> 1.6.0-13
- xserver-1.6.0-selinux-nlfd.patch: Acquire the netlink socket from selinux,
  check it ourselves rather than having libselinux bang on it all the time.


xserver-1.6.0-selinux-nlfd.patch:

--- NEW FILE xserver-1.6.0-selinux-nlfd.patch ---
>From 0731394b205f003143ceec1bde04b6c6726f9c10 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax at redhat.com>
Date: Mon, 2 Mar 2009 18:45:27 -0500
Subject: [PATCH] selinux netlink socket hack

---
 Xext/xselinux.c         |   29 +++++++++++++++++++++++++++++
 configure.ac            |    4 ++++
 include/dix-config.h.in |    2 ++
 3 files changed, 35 insertions(+), 0 deletions(-)

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 6085983..419c0ae 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1887,6 +1887,22 @@ SProcSELinuxDispatch(ClientPtr client)
     }
 }
 
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+static int netlink_fd;
+
+static void
+SELinuxBlockHandler(void *data, struct timeval **tv, void *read_mask)
+{
+}
+
+static void
+SELinuxWakeupHandler(void *data, int err, void *read_mask)
+{
+    if (FD_ISSET(netlink_fd, (fd_set *)read_mask))
+        avc_netlink_check_nb();
+}
+#endif
+
 
 /*
  * Extension Setup / Teardown
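Review bot: The result of `avc_netlink_check_nb()` in SELinuxWakeupHandler is discarded, and once the server has taken over the descriptor this handler appears to be the only place policy-reload and enforcing-mode notifications get processed. A failing read would then leave access decisions running on a stale AVC cache with nothing in the log; I would at least report it, e.g. `if (avc_netlink_check_nb() < 0) ErrorF("SELinux: netlink check failed\n");`, assuming failure is signalled by a negative return. The handler also reads `read_mask` without consulting `err`; `if (err > 0 && FD_ISSET(netlink_fd, (fd_set *)read_mask))` avoids inspecting the mask after a failed select. A one-line comment on the empty SELinuxBlockHandler saying it exists only because handlers are registered as a pair would save the next reader a search.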
@@ -1917,6 +1933,12 @@ SELinuxResetProc(ExtensionEntry *extEntry)
     label_hnd = NULL;
 
     audit_close(audit_fd);
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+    avc_netlink_release_fd();
+    RemoveBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
+                                 NULL);
+    RemoveGeneralSocket(netlink_fd);
+#endif
 
     avc_destroy();
     avc_active = 0;
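Review bot: Teardown hands the descriptor back with `avc_netlink_release_fd()` while the wakeup handler and the select-set entry that refer to it are still registered. This is probably harmless as long as nothing dispatches in between, but undoing SELinuxExtensionInit in reverse order (RemoveBlockAndWakeupHandlers, then `RemoveGeneralSocket(netlink_fd)`, then `avc_netlink_release_fd()`) means the server never has a registered fd it no longer owns. SELinuxResetProc begins and ends outside this hunk.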
@@ -2013,6 +2035,13 @@ SELinuxExtensionInit(INITARGS)
     if (atom_client_ctx == BAD_RESOURCE)
 	FatalError("SELinux: Failed to create atom\n");
 
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+    netlink_fd = avc_netlink_acquire_fd();
+    AddGeneralSocket(netlink_fd);
+    RegisterBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
+                                   NULL);
+#endif
+
     /* Register callbacks */
     ret &= dixRegisterPrivateInitFunc(subjectKey, SELinuxSubjectInit, NULL);
     ret &= dixRegisterPrivateDeleteFunc(subjectKey, SELinuxSubjectFree, NULL);
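Review bot: The value returned by `avc_netlink_acquire_fd()` is passed straight to `AddGeneralSocket()` without a check. If libselinux can return a negative descriptor here, the fd-set update behind AddGeneralSocket, the `FD_ISSET` in SELinuxWakeupHandler and the `RemoveGeneralSocket(netlink_fd)` in SELinuxResetProc would all index outside the fd_set. Following the FatalError style used just above, add `if (netlink_fd < 0) FatalError("SELinux: Failed to acquire netlink socket\n");` before registering anything. SELinuxExtensionInit continues outside this hunk.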
diff --git a/configure.ac b/configure.ac
index 72ae67e..55a880e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -920,6 +920,10 @@ if test "x$XSELINUX" = xyes; then
 	AC_CHECK_LIB(selinux, avc_init, [], AC_MSG_ERROR([SELinux library not found])) 
 	AC_CHECK_HEADERS([libaudit.h], [], AC_MSG_ERROR([SELinux extension requires audit system headers]))
 	AC_CHECK_LIB(audit, audit_open, [], AC_MSG_ERROR([SELinux extension requires audit system library]))
+        AC_CHECK_DECL(avc_netlink_acquire_fd,
+                      [AC_DEFINE(HAVE_AVC_NETLINK_ACQUIRE_FD, 1, "Have avc_netlink_acquire_fd")],
+                      [],
+                      [#include <selinux/avc.h>])
 	AC_DEFINE(XSELINUX, 1, [Build SELinux extension])
 	SELINUX_LIB="-lselinux -laudit"
 fi
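Review bot: The AC_DEFINE description is written as `"Have avc_netlink_acquire_fd"` with C-style double quotes, which autoconf treats as literal text rather than quoting; the neighbouring `AC_DEFINE(XSELINUX, 1, [Build SELinux extension])` uses m4 brackets, so `[Have avc_netlink_acquire_fd]` would match. The four added lines are also indented with spaces where the rest of this `if` block uses tabs.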
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 3da193f..66c3008 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -442,4 +442,6 @@
 #include "dix-config-apple-verbatim.h"
 #endif
 
+#undef HAVE_AVC_NETLINK_ACQUIRE_FD
+
 #endif /* _DIX_CONFIG_H_ */
-- 
1.6.1.3



Index: xorg-x11-server.spec
===================================================================
RCS file: /cvs/pkgs/rpms/xorg-x11-server/devel/xorg-x11-server.spec,v
retrieving revision 1.424
retrieving revision 1.425
diff -u -r1.424 -r1.425
--- xorg-x11-server.spec	11 Mar 2009 20:49:07 -0000	1.424
+++ xorg-x11-server.spec	12 Mar 2009 17:34:00 -0000	1.425
@@ -19,7 +19,7 @@
 Summary:   X.Org X11 X server
 Name:      xorg-x11-server
 Version:   1.6.0
-Release:   12%{?dist}
+Release:   13%{?dist}
 URL:       http://www.x.org
 License:   MIT
 Group:     User Interface/X
@@ -79,10 +79,13 @@
 Patch6011: xserver-1.6.0-less-acpi-brokenness.patch
 
 # don't try intel on poulsbo
-Patch6013: xserver-1.5.99.902-sod-off-poulsbo.patch
+Patch6012: xserver-1.5.99.902-sod-off-poulsbo.patch
 
 # don't do selinux if we're not told to
-Patch6014: xserver-1.6.0-selinux-less.patch
+Patch6013: xserver-1.6.0-selinux-less.patch
+
+# selinux performance hack
+Patch6014: xserver-1.6.0-selinux-nlfd.patch
 
 # https://bugs.freedesktop.org/show_bug.cgi?id=20087
 Patch6015: xserver-1.5.99.902-vnc.patch
@@ -144,7 +147,7 @@
 # XXX silly...
 BuildRequires: libdrm-devel >= 2.4.0 kernel-headers
 
-BuildRequires: audit-libs-devel libselinux-devel >= 2.0.59-1
+BuildRequires: audit-libs-devel libselinux-devel >= 2.0.79-1
 BuildRequires: hal-devel dbus-devel
 
 # All server subpackages have a virtual provide for the name of the server
@@ -158,6 +161,7 @@
 Summary: Xorg server common files
 Group: User Interface/X
 Requires: pixman >= 0.14.0
+Requires: libselinux >= 2.0.79-1
 
 %description common
 Common files shared among all X servers.
@@ -507,6 +511,10 @@
 
 
 %changelog
+* Thu Mar 12 2009 Adam Jackson <ajax at redhat.com> 1.6.0-13
+- xselinux-1.6.0-selinux-nlfd.patch: Acquire the netlink socket from selinux,
+  check it ourselves rather than having libselinux bang on it all the time.
+
 * Wed Mar 11 2009 Adam Jackson <ajax at redhat.com> 1.6.0-12
 - Requires: pixman >= 0.14.0
 
@@ -965,7 +973,7 @@
 
 * Tue Mar 11 2008 Adam Jackson <ajax at redhat.com> 1.4.99.901-3.20080310
 - New 1.5 snapshot.
-- xserver-1.5-x86emy.patch: Fix an x86emu quirk.
+- xserver-1.5-x86emu.patch: Fix an x86emu quirk.
 
 * Fri Mar 07 2008 Adam Jackson <ajax at redhat.com> 1.4.99.901-1.20080307
 - Today's 1.5 snapshot.



