diff options
| author |   Scott Murray <scott.murray@konsulko.com> | 2020-05-05 15:04:46 -0400 |
|---|---|---|
| committer |   Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2020-05-12 23:34:44 +0000 |
| commit | 8b1baf589ebad0862791c32c7a9b953071dec20a (patch) | |
| tree | eb1f281db04fa89f0b5fba0b1ff27042fc5a824f /meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch | |
| parent | 07663d068cfaddb8ba4287a1c8cf4a8456873cb6 (diff) | |
meta-agl-profile-graphical: add SMACK labelling for weston
The initial patch to allow disabling memfd usage in weston has
proven to be naive, as the v7 wayland seat resource changes in
Weston 8.0.0 are dependent on them. To avoid needing to make more
invasive changes such as forcing the seat resource version back to
v6, drop the patch in favor of having Weston run under a
System::Weston SMACK label and adding the rules required to have it
work.
As well, use-XDG_RUNTIMESHARE_DIR.patch and the associated service
unit changes have been removed since they are not required now with
explicit labelling in place.
Bug-AGL: SPEC-3305, SPEC-3350
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I8aef287219a7f95992a82f4ec2ee8e1822ca4ce8
Diffstat (limited to 'meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch')
| -rw-r--r-- | meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch deleted file mode 100644 index f4ea60130..000000000 --- a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch +++ /dev/null @@ -1,48 +0,0 @@ -Add memfd-create option - -Add a meson build option, memfd-create, that controls whether the -memfd_create system call support will be enabled. The default value -is true so that it will be enabled, but it allows users like AGL -that currently has issues with security labels and memfd to disable -it. - -Upstream-Status: Pending - -Signed-off-by: Scott Murray <scott.murray@konsulko.com> - -diff --git a/meson.build b/meson.build -index 82107e1..9d042ca 100644 ---- a/meson.build -+++ b/meson.build -@@ -78,8 +78,12 @@ elif cc.has_header_symbol('sys/mkdev.h', 'major') - endif - - optional_libc_funcs = [ -- 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate', 'memfd_create' -+ 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate' - ] -+if get_option('memfd-create') -+ optional_libc_funcs += [ 'memfd_create' ] -+endif -+ - foreach func : optional_libc_funcs - if cc.has_function(func) - config_h.set('HAVE_' + func.to_upper(), 1) -diff --git a/meson_options.txt b/meson_options.txt -index 80a2ad7..4a93472 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -99,6 +99,13 @@ option( - description: 'systemd service plugin: state notify, watchdog, socket activation' - ) - -+option( -+ 'memfd-create', -+ type: 'boolean', -+ value: true, -+ description: 'Use memfd_create system call' -+) -+ - option( - 'remoting', - type: 'boolean', |