summaryrefslogtreecommitdiffstats
path: root/meta-agl-profile-graphical/recipes-graphics/wayland/weston
diff options
context:
space:
mode:
Diffstat (limited to 'meta-agl-profile-graphical/recipes-graphics/wayland/weston')
-rw-r--r--meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch48
-rw-r--r--meta-agl-profile-graphical/recipes-graphics/wayland/weston/smack-weston8
-rw-r--r--meta-agl-profile-graphical/recipes-graphics/wayland/weston/use-XDG_RUNTIMESHARE_DIR.patch49
3 files changed, 8 insertions, 97 deletions
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch
deleted file mode 100644
index f4ea60130..000000000
--- a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Add memfd-create option
-
-Add a meson build option, memfd-create, that controls whether the
-memfd_create system call support will be enabled. The default value
-is true so that it will be enabled, but it allows users like AGL
-that currently has issues with security labels and memfd to disable
-it.
-
-Upstream-Status: Pending
-
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
-
-diff --git a/meson.build b/meson.build
-index 82107e1..9d042ca 100644
---- a/meson.build
-+++ b/meson.build
-@@ -78,8 +78,12 @@ elif cc.has_header_symbol('sys/mkdev.h', 'major')
- endif
-
- optional_libc_funcs = [
-- 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate', 'memfd_create'
-+ 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate'
- ]
-+if get_option('memfd-create')
-+ optional_libc_funcs += [ 'memfd_create' ]
-+endif
-+
- foreach func : optional_libc_funcs
- if cc.has_function(func)
- config_h.set('HAVE_' + func.to_upper(), 1)
-diff --git a/meson_options.txt b/meson_options.txt
-index 80a2ad7..4a93472 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -99,6 +99,13 @@ option(
- description: 'systemd service plugin: state notify, watchdog, socket activation'
- )
-
-+option(
-+ 'memfd-create',
-+ type: 'boolean',
-+ value: true,
-+ description: 'Use memfd_create system call'
-+)
-+
- option(
- 'remoting',
- type: 'boolean',
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/smack-weston b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/smack-weston
new file mode 100644
index 000000000..63a32405a
--- /dev/null
+++ b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/smack-weston
@@ -0,0 +1,8 @@
+System System::Weston rwxa--
+System::Weston System rwx---
+System::Weston System::Shared rwx---
+System::Weston System::Run rwxat-
+System::Weston System::Log rwxa--
+System::Weston _ r-x--l
+System::Weston User::Home r-x--l
+System::Weston User::App-Shared rwxat-
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/use-XDG_RUNTIMESHARE_DIR.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/use-XDG_RUNTIMESHARE_DIR.patch
deleted file mode 100644
index 0e5d7cdf9..000000000
--- a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/use-XDG_RUNTIMESHARE_DIR.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 0ed62e1a0beb47e033f7632dbf6d2087366b7830 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Fri, 13 Oct 2017 14:05:56 +0200
-Subject: [PATCH] use XDG_RUNTIMESHARE_DIR
-
-When running with LSM Smack, the file returned by the
-function 'os_create_anonymous_file' is tagged with the
-security label of weston. That security label genrally doesn't
-allow sharing of files? Then passing the vreated file descriptor
-to the client application fails with EPERM.
-
-To allow file descriptors to be tagged with a security
-label that allows clients to receive and use it, that
-patch introduce the use of the environment variable
-XDG_RUNTIMESHARE_DIR that takes precedence over
-XDG_RUNTIME_DIR whe, creating anonymous file is needed.
-
-A correct setting of the shared directory using Smack's
-transmute mechanism allows set up file tag for sharing.
-
-This patch was submitted upstream for discussion but
-was rejected with the following reason (IIRC): "the
-function 'os_create_anonymous_file' and the sharing
-are obsolete and should not be used anymore. IVI was
-requiring it but newer version don't use it". Halas,
-even aligned with latest versions of IVI-shell and weston,
-the patch is needed. Because of its simplicity, it can
-remain maintained locally out of mainstream in the wait
-of further investigations.
-
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-[Updated for Weston 8.0.0]
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
-
-diff --git a/shared/os-compatibility.c b/shared/os-compatibility.c
-index 5e1ce47..9962588 100644
---- a/shared/os-compatibility.c
-+++ b/shared/os-compatibility.c
-@@ -184,7 +184,9 @@ os_create_anonymous_file(off_t size)
- } else
- #endif
- {
-- path = getenv("XDG_RUNTIME_DIR");
-+ path = getenv("XDG_RUNTIMESHARE_DIR");
-+ if (!path)
-+ path = getenv("XDG_RUNTIME_DIR");
- if (!path) {
- errno = ENOENT;
- return -1;