From e2c93c5b5ba29f3e4b901f870d2e11e5e485da35 Mon Sep 17 00:00:00 2001 From: Scott Murray Date: Thu, 2 Apr 2020 11:49:45 -0400 Subject: meta-agl-profile-graphical: disable memfd usage in weston The YP dunfell release's Weston 8.0.0 is the first version to switch to hard-coded usage of memfd's for its shared memory access if the memfd_create system call is available in libc. At the moment, this is problematic since accesses to the non-filesystem file descriptors get blocked by SMACK. For now, while a longer-term solution is worked out in SPEC-3305, patch Weston to allow disabling memfs usage at build time, and do so by using the option in our bbappend. Bug-AGL: SPEC-3302, SPEC-3305 Signed-off-by: Scott Murray Change-Id: Ie217c63cd4f43e3de1e802cb026c1ee2905bc5b7 --- .../weston/0005-add-memfd-create-option.patch | 48 ++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch (limited to 'meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch') diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch new file mode 100644 index 000000000..f4ea60130 --- /dev/null +++ b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch @@ -0,0 +1,48 @@ +Add memfd-create option + +Add a meson build option, memfd-create, that controls whether the +memfd_create system call support will be enabled. The default value +is true so that it will be enabled, but it allows users like AGL +that currently has issues with security labels and memfd to disable +it. + +Upstream-Status: Pending + +Signed-off-by: Scott Murray + +diff --git a/meson.build b/meson.build +index 82107e1..9d042ca 100644 +--- a/meson.build ++++ b/meson.build +@@ -78,8 +78,12 @@ elif cc.has_header_symbol('sys/mkdev.h', 'major') + endif + + optional_libc_funcs = [ +- 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate', 'memfd_create' ++ 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate' + ] ++if get_option('memfd-create') ++ optional_libc_funcs += [ 'memfd_create' ] ++endif ++ + foreach func : optional_libc_funcs + if cc.has_function(func) + config_h.set('HAVE_' + func.to_upper(), 1) +diff --git a/meson_options.txt b/meson_options.txt +index 80a2ad7..4a93472 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -99,6 +99,13 @@ option( + description: 'systemd service plugin: state notify, watchdog, socket activation' + ) + ++option( ++ 'memfd-create', ++ type: 'boolean', ++ value: true, ++ description: 'Use memfd_create system call' ++) ++ + option( + 'remoting', + type: 'boolean', -- cgit 1.2.3-korg