rpms/xorg-x11-server/devel xserver-1.6.0-primary.patch, NONE, 1.1 xserver-1.6.0-selinux-destroy.patch, NONE, 1.1 xserver-1.6.0-selinux-raw.patch, NONE, 1.1

Adam Jackson ajax at fedoraproject.org
Tue Mar 3 19:34:21 UTC 2009


Author: ajax

Update of /cvs/pkgs/rpms/xorg-x11-server/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7597

Added Files:
	xserver-1.6.0-primary.patch 
	xserver-1.6.0-selinux-destroy.patch 
	xserver-1.6.0-selinux-raw.patch 
Log Message:
* Tue Mar 03 2009 Adam Jackson <ajax at redhat.com> 1.6.0-4
- xserver-1.6.0-selinux-raw.patch: Deal in raw contexts, to avoid paying
  the price for setrans on every object.
- xserver-1.6.0-primary.patch: Try harder to figure out what the primary
  video device is on machines with multiple GPUs.
- xserver-1.6.0-selinux-destroy.patch: Don't bother relabeling objects that
  are on the way to destruction.


xserver-1.6.0-primary.patch:

--- NEW FILE xserver-1.6.0-primary.patch ---
>From 9ee22b4f743a2850fed35f179c56f94ce4bb5242 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax at redhat.com>
Date: Tue, 3 Mar 2009 10:58:33 -0500
Subject: [PATCH] Primary video device hack

---
 hw/xfree86/common/xf86pciBus.c |   54 ++++++++++++++++++++++++++++++++++-----
 1 files changed, 47 insertions(+), 7 deletions(-)

diff --git a/hw/xfree86/common/xf86pciBus.c b/hw/xfree86/common/xf86pciBus.c
index 467a0c3..f9999d8 100644
--- a/hw/xfree86/common/xf86pciBus.c
+++ b/hw/xfree86/common/xf86pciBus.c
@@ -341,6 +341,39 @@ restorePciBusState(BusAccPtr ptr)
 }
 #undef MASKBITS
 
+/* oh god what have i done */
+static Bool
+looks_like_bios_primary(struct pci_device *info)
+{
+    unsigned char *bios;
+    unsigned short vendor, device;
+    int offset;
+    Bool ret = FALSE;
+
+    bios = xf86MapVidMem(-1, VIDMEM_MMIO, 0xc0000, 0x10000);
+    if (!bios)
+        return FALSE;
+
+    if (bios[0] != 0x55 || bios[1] != 0xAA)
+        goto out;
+
+    offset = (bios[0x19] << 8) + bios[0x18];
+
+    if (bios[offset] != 'P' ||
+        bios[offset+1] != 'C' ||
+        bios[offset+2] != 'I' ||
+        bios[offset+3] != 'R')
+        goto out;
+
+    vendor = (bios[offset+5] << 8) + bios[offset+4];
+    device = (bios[offset+7] << 8) + bios[offset+6];
+
+    ret = (info->vendor_id == vendor) && (info->device_id == device);
+
+out:
+    xf86UnMapVidMem(-1, bios, 0x10000);
+    return ret;
+}
 
 /*
  * xf86Bus.c interface
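Review bot: In looks_like_bios_primary() the `offset` read from bytes 0x18/0x19 of the ROM image is used without a range check, so it can be as large as 0xFFFF and `bios[offset+7]` can read up to seven bytes past the 0x10000-byte mapping. The value comes from option-ROM contents, so it should be validated before the "PCIR" comparison, for example `if (offset > 0x10000 - 8) goto out;`. The window base 0xc0000 and size 0x10000 are repeated as bare literals in the map and unmap calls; a named constant would keep the two in step. The leading comment should also say what the function checks: that the legacy video BIOS PCI data structure names the same vendor and device as `info`.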
@@ -375,24 +408,31 @@ xf86PciProbe(void)
 	}
     }
 
-
     /* If we haven't found a primary device try a different heuristic */
     if (primaryBus.type == BUS_NONE && num) {
 	for (i = 0; i < num; i++) {
 	    uint16_t  command;
 
 	    info = xf86PciVideoInfo[i];
+            if (!IS_VGA(info->device_class))
+                continue;
+
 	    pci_device_cfg_read_u16(info, & command, 4);
 
-	    if ((command & PCI_CMD_MEM_ENABLE) 
-		&& ((num == 1) || IS_VGA(info->device_class))) {
-		if (primaryBus.type == BUS_NONE) {
+	    if ((command & PCI_CMD_MEM_ENABLE)) {
+                if (num == 1) {
 		    primaryBus.type = BUS_PCI;
 		    primaryBus.id.pci = info;
-		} else {
-		    xf86Msg(X_NOTICE,
+                    break;
+                } else if (looks_like_bios_primary(info)) {
+                    if (primaryBus.type == BUS_NONE) {
+                        primaryBus.type = BUS_PCI;
+                        primaryBus.id.pci = info;
+                    } else {
+		        xf86Msg(X_NOTICE,
 			    "More than one possible primary device found\n");
-		    primaryBus.type ^= (BusType)(-1);
+		        primaryBus.type ^= (BusType)(-1);
+                    }
 		}
 	    }
 	}
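Review bot: The new `if (!IS_VGA(info->device_class)) continue;` runs before the `num == 1` case, so a lone video device whose class is not VGA is no longer accepted as primary, whereas the old condition `(num == 1) || IS_VGA(...)` accepted it. If that is not intended, drop the early `continue` and test the class only on the multi-device branch: `} else if (IS_VGA(info->device_class) && looks_like_bios_primary(info)) {`. Separately, looks_like_bios_primary() compares only vendor and device IDs, so two identical cards would presumably both match and land in the "More than one possible primary device found" branch; a comment stating that limitation would help. xf86PciProbe starts and ends outside this hunk.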
-- 
1.6.1.3


xserver-1.6.0-selinux-destroy.patch:

--- NEW FILE xserver-1.6.0-selinux-destroy.patch ---
>From 00fb367cffcc6dd36e5c023757414ed63e13e643 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax at redhat.com>
Date: Tue, 3 Mar 2009 14:32:52 -0500
Subject: [PATCH] Don't bother relabeling resources that are being destroyed

---
 Xext/xselinux.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 6085983..f8495ea 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1150,6 +1150,8 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 
     if (rec->type != RT_WINDOW)
 	return;
+    if (rec->state != ResourceStateAdding)
+	return;
 
     pWin = (WindowPtr)rec->value;
     subj = dixLookupPrivate(&wClient(pWin)->devPrivates, subjectKey);
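Review bot: The added guard has no comment, and it is written as "only ResourceStateAdding" rather than "not being destroyed", so it also skips any other state the callback may be invoked with. A one-line comment above it would record the intent, for example `/* Label windows only when they are added; skip callbacks for any other state, e.g. teardown */`. SELinuxResourceState begins and continues outside this hunk, so whether later code relies on the labels being refreshed in other states cannot be confirmed from here.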
-- 
1.6.1.3


xserver-1.6.0-selinux-raw.patch:

--- NEW FILE xserver-1.6.0-selinux-raw.patch ---
>From 252522d2caa87dbfb510436a56332bd6e86b1a96 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax at redhat.com>
Date: Mon, 2 Mar 2009 18:31:18 -0500
Subject: [PATCH] selinux raw patch

---
 Xext/xselinux.c |   64 +++++++++++++++++++++++++++---------------------------
 1 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 8e026be..6085983 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -186,19 +186,19 @@ SELinuxAtomToSIDLookup(Atom atom, SELinuxObjectRec *obj, int map, int polymap)
     obj->poly = 1;
 
     /* Look in the mappings of names to contexts */
-    if (selabel_lookup(label_hnd, &ctx, name, map) == 0) {
+    if (selabel_lookup_raw(label_hnd, &ctx, name, map) == 0) {
 	obj->poly = 0;
     } else if (errno != ENOENT) {
 	ErrorF("SELinux: a property label lookup failed!\n");
 	return BadValue;
-    } else if (selabel_lookup(label_hnd, &ctx, name, polymap) < 0) {
+    } else if (selabel_lookup_raw(label_hnd, &ctx, name, polymap) < 0) {
 	ErrorF("SELinux: a property label lookup failed!\n");
 	return BadValue;
     }
 
     /* Get a SID for context */
-    if (avc_context_to_sid(ctx, &obj->sid) < 0) {
-	ErrorF("SELinux: a context_to_SID call failed!\n");
+    if (avc_context_to_sid_raw(ctx, &obj->sid) < 0) {
+	ErrorF("SELinux: a context_to_SID_raw call failed!\n");
 	rc = BadAlloc;
     }
 
@@ -343,7 +343,7 @@ SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
 		  SELinuxObjectRec *sid_return)
 {
     const char *name = LookupEventName(type);
-    security_context_t con;
+    security_context_t ctx;
     type &= 127;
 
     if (type >= numKnownEvents) {
@@ -359,16 +359,16 @@ SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
 
     if (!knownEvents[type]) {
 	/* Look in the mappings of event names to contexts */
-	if (selabel_lookup(label_hnd, &con, name, SELABEL_X_EVENT) < 0) {
+	if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) {
 	    ErrorF("SELinux: an event label lookup failed!\n");
 	    return BadValue;
 	}
 	/* Get a SID for context */
-	if (avc_context_to_sid(con, knownEvents + type) < 0) {
-	    ErrorF("SELinux: a context_to_SID call failed!\n");
+	if (avc_context_to_sid_raw(ctx, knownEvents + type) < 0) {
+	    ErrorF("SELinux: a context_to_SID_raw call failed!\n");
 	    return BadAlloc;
 	}
-	freecon(con);
+	freecon(ctx);
     }
 
     /* Perform a transition to obtain the final SID */
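Review bot: The `return BadAlloc;` after a failed avc_context_to_sid_raw() leaves SELinuxEventToSID without releasing `ctx`, which selabel_lookup_raw() has already filled in; only the success path reaches `freecon(ctx);`. Adding `freecon(ctx);` before `return BadAlloc;` closes the leak. The SELinuxExtension hunk (@@ -827) shows the same pattern: its avc_context_to_sid_raw() failure branch sets `rec->status = BadAlloc` and returns without freeing, while the avc_compute_create() failure branch in the following hunk does call `freecon(ctx)`. The leak predates this commit, but these lines are being touched anyway. Both functions start outside their hunks.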
@@ -474,7 +474,7 @@ SELinuxLabelClient(ClientPtr client)
     /* Try to get a context from the socket */
     if (fd < 0 || getpeercon_raw(fd, &ctx) < 0) {
 	/* Otherwise, fall back to a default context */
-	if (selabel_lookup(label_hnd, &ctx, "remote", SELABEL_X_CLIENT) < 0)
+	if (selabel_lookup_raw(label_hnd, &ctx, "remote", SELABEL_X_CLIENT) < 0)
 	    FatalError("SELinux: failed to look up remote-client context\n");
     }
 
@@ -509,8 +509,8 @@ SELinuxLabelClient(ClientPtr client)
 
 finish:
     /* Get a SID from the context */
-    if (avc_context_to_sid(ctx, &subj->sid) < 0)
-	FatalError("SELinux: client %d: context_to_sid(%s) failed\n",
+    if (avc_context_to_sid_raw(ctx, &subj->sid) < 0)
+	FatalError("SELinux: client %d: context_to_sid_raw(%s) failed\n",
 		   client->index, ctx);
 
     sidget(obj->sid = subj->sid);
@@ -541,7 +541,7 @@ SELinuxLabelInitial(void)
 	FatalError("SELinux: couldn't get context of X server process\n");
 
     /* Get a SID from the context */
-    if (avc_context_to_sid(ctx, &subj->sid) < 0)
+    if (avc_context_to_sid_raw(ctx, &subj->sid) < 0)
 	FatalError("SELinux: serverClient: context_to_sid(%s) failed\n", ctx);
 
     sidget(obj->sid = subj->sid);
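Review bot: The FatalError text in this hunk still reads `context_to_sid(%s)` although the call is now avc_context_to_sid_raw(), while the matching message in the SELinuxLabelClient hunk above was updated to `context_to_sid_raw(%s)`. For log consistency this should become `FatalError("SELinux: serverClient: context_to_sid_raw(%s) failed\n", ctx);`. The SELinuxExtensionInit hunk (@@ -1988) likewise keeps "a context_to_SID call failed!" after switching to the raw call.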
@@ -827,20 +827,20 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
     /* XXX there should be a separate callback for this */
     if (obj->sid == unlabeled_sid) {
 	const char *name = rec->ext->name;
-	security_context_t con;
+	security_context_t ctx;
 	security_id_t sid;
 
 	serv = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
 
 	/* Look in the mappings of extension names to contexts */
-	if (selabel_lookup(label_hnd, &con, name, SELABEL_X_EXT) < 0) {
+	if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EXT) < 0) {
 	    ErrorF("SELinux: a property label lookup failed!\n");
 	    rec->status = BadValue;
 	    return;
 	}
 	/* Get a SID for context */
-	if (avc_context_to_sid(con, &sid) < 0) {
-	    ErrorF("SELinux: a context_to_SID call failed!\n");
+	if (avc_context_to_sid_raw(ctx, &sid) < 0) {
+	    ErrorF("SELinux: a context_to_SID_raw call failed!\n");
 	    rec->status = BadAlloc;
 	    return;
 	}
@@ -851,11 +851,11 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 	if (avc_compute_create(serv->sid, sid, SECCLASS_X_EXTENSION,
 			       &obj->sid) < 0) {
 	    ErrorF("SELinux: a SID transition call failed!\n");
-	    freecon(con);
+	    freecon(ctx);
 	    rec->status = BadValue;
 	    return;
 	}
-	freecon(con);
+	freecon(ctx);
     }
 
     /* Perform the security check */
@@ -1156,7 +1156,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 
     if (subj->sid) {
 	security_context_t ctx;
-	int rc = avc_sid_to_context(subj->sid, &ctx);
+	int rc = avc_sid_to_context_raw(subj->sid, &ctx);
 	if (rc < 0)
 	    FatalError("SELinux: Failed to get security context!\n");
 	rc = dixChangeWindowProperty(serverClient,
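Review bot: Neither the commit message nor the code documents that contexts exposed to clients change from translated to raw form. The string returned by avc_sid_to_context_raw() here is presumably what the following dixChangeWindowProperty() call stores on the window, and the same switch is made for the reply paths in SELinuxSendContextReply (@@ -1288) and SELinuxPopulateItem (@@ -1511). In the other direction, ProcSELinuxSetCreateContext and ProcSELinuxSetDeviceContext (@@ -1347, @@ -1393) now validate client-supplied contexts with security_check_context_raw(), so a client sending a translated context would likely get BadValue. A short comment at these call sites, such as `/* contexts cross the protocol in raw form, without setrans translation */`, and a line in the changelog would help client authors. SELinuxResourceState continues past the end of this hunk.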
@@ -1172,7 +1172,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 
     if (obj->sid) {
 	security_context_t ctx;
-	int rc = avc_sid_to_context(obj->sid, &ctx);
+	int rc = avc_sid_to_context_raw(obj->sid, &ctx);
 	if (rc < 0)
 	    FatalError("SELinux: Failed to get security context!\n");
 	rc = dixChangeWindowProperty(serverClient,
@@ -1288,7 +1288,7 @@ SELinuxSendContextReply(ClientPtr client, security_id_t sid)
     int len = 0;
 
     if (sid) {
-	if (avc_sid_to_context(sid, &ctx) < 0)
+	if (avc_sid_to_context_raw(sid, &ctx) < 0)
 	    return BadValue;
 	len = strlen(ctx) + 1;
     }
@@ -1347,9 +1347,9 @@ ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
     *pSid = NULL;
 
     if (stuff->context_len > 0) {
-	if (security_check_context(ctx) < 0)
+	if (security_check_context_raw(ctx) < 0)
 	    return BadValue;
-	if (avc_context_to_sid(ctx, pSid) < 0)
+	if (avc_context_to_sid_raw(ctx, pSid) < 0)
 	    return BadValue;
     }
     return Success;
@@ -1393,9 +1393,9 @@ ProcSELinuxSetDeviceContext(ClientPtr client)
     if (rc != Success)
 	return rc;
 
-    if (security_check_context(ctx) < 0)
+    if (security_check_context_raw(ctx) < 0)
 	return BadValue;
-    if (avc_context_to_sid(ctx, &sid) < 0)
+    if (avc_context_to_sid_raw(ctx, &sid) < 0)
 	return BadValue;
 
     subj = dixLookupPrivate(&dev->devPrivates, subjectKey);
@@ -1511,9 +1511,9 @@ SELinuxPopulateItem(SELinuxListItemRec *i, PrivateRec **privPtr, CARD32 id,
     SELinuxObjectRec *obj = dixLookupPrivate(privPtr, objectKey);
     SELinuxObjectRec *data = dixLookupPrivate(privPtr, dataKey);
 
-    if (avc_sid_to_context(obj->sid, &i->octx) < 0)
+    if (avc_sid_to_context_raw(obj->sid, &i->octx) < 0)
 	return BadValue;
-    if (avc_sid_to_context(data->sid, &i->dctx) < 0)
+    if (avc_sid_to_context_raw(data->sid, &i->dctx) < 0)
 	return BadValue;
 
     i->id = id;
@@ -1941,7 +1941,7 @@ SELinuxExtensionInit(INITARGS)
     ExtensionEntry *extEntry;
     struct selinux_opt selabel_option = { SELABEL_OPT_VALIDATE, (char *)1 };
     struct selinux_opt avc_option = { AVC_OPT_SETENFORCE, (char *)0 };
-    security_context_t con;
+    security_context_t ctx;
     int ret = TRUE;
 
     /* Check SELinux mode on system */
@@ -1988,11 +1988,11 @@ SELinuxExtensionInit(INITARGS)
     if (!label_hnd)
 	FatalError("SELinux: Failed to open x_contexts mapping in policy\n");
 
-    if (security_get_initial_context("unlabeled", &con) < 0)
+    if (security_get_initial_context_raw("unlabeled", &ctx) < 0)
 	FatalError("SELinux: Failed to look up unlabeled context\n");
-    if (avc_context_to_sid(con, &unlabeled_sid) < 0)
+    if (avc_context_to_sid_raw(ctx, &unlabeled_sid) < 0)
 	FatalError("SELinux: a context_to_SID call failed!\n");
-    freecon(con);
+    freecon(ctx);
 
     /* Prepare for auditing */
     audit_fd = audit_open();
-- 
1.6.1.3




