summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libdrm/Makefile.in2
-rw-r--r--lib/libdrm/configure86
-rw-r--r--lib/libdrm/configure.ac10
-rw-r--r--lib/libdrm/libdrm/Makefile.in2
-rw-r--r--lib/libdrm/libdrm/config.h.in3
-rw-r--r--lib/libdrm/libdrm/xf86drm.c80
-rw-r--r--lib/libdrm/shared-core/Makefile.in2
7 files changed, 107 insertions, 78 deletions
diff --git a/lib/libdrm/Makefile.in b/lib/libdrm/Makefile.in
index d11025421..f0469f385 100644
--- a/lib/libdrm/Makefile.in
+++ b/lib/libdrm/Makefile.in
@@ -157,6 +157,8 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
+X_PRIVSEP_FALSE = @X_PRIVSEP_FALSE@
+X_PRIVSEP_TRUE = @X_PRIVSEP_TRUE@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
diff --git a/lib/libdrm/configure b/lib/libdrm/configure
index 94f845e48..a6aee5515 100644
--- a/lib/libdrm/configure
+++ b/lib/libdrm/configure
@@ -465,7 +465,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL pkgconfigdir LIBOBJS LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXX CXXFLAGS ac_ct_CXX CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL X_PRIVSEP_TRUE X_PRIVSEP_FALSE pkgconfigdir LIBOBJS LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
@@ -1037,6 +1037,8 @@ Optional Features:
--enable-dependency-tracking do not reject slow dependency extractors
--disable-libtool-lock avoid locking (might break parallel builds)
--disable-largefile omit support for large files
+ --enable-privsep Build support for X server privilege separation
+ (default is NO)
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -3677,7 +3679,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 3680 "configure"' > conftest.$ac_ext
+ echo '#line 3682 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -5276,7 +5278,7 @@ fi
# Provide some information about the compiler.
-echo "$as_me:5279:" \
+echo "$as_me:5281:" \
"checking for Fortran 77 compiler version" >&5
ac_compiler=`set X $ac_compile; echo $2`
{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
@@ -6339,11 +6341,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6342: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6344: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6346: \$? = $ac_status" >&5
+ echo "$as_me:6348: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -6607,11 +6609,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6610: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6612: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:6614: \$? = $ac_status" >&5
+ echo "$as_me:6616: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -6711,11 +6713,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:6714: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:6716: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:6718: \$? = $ac_status" >&5
+ echo "$as_me:6720: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -9060,7 +9062,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9063 "configure"
+#line 9065 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -9160,7 +9162,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9163 "configure"
+#line 9165 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -11504,11 +11506,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11507: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11509: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:11511: \$? = $ac_status" >&5
+ echo "$as_me:11513: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -11608,11 +11610,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:11611: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:11613: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:11615: \$? = $ac_status" >&5
+ echo "$as_me:11617: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -13178,11 +13180,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13181: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13183: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:13185: \$? = $ac_status" >&5
+ echo "$as_me:13187: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -13282,11 +13284,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13285: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13287: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:13289: \$? = $ac_status" >&5
+ echo "$as_me:13291: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -15489,11 +15491,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15492: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15494: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15496: \$? = $ac_status" >&5
+ echo "$as_me:15498: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -15757,11 +15759,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15760: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15762: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15764: \$? = $ac_status" >&5
+ echo "$as_me:15766: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -15861,11 +15863,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15864: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15866: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:15868: \$? = $ac_status" >&5
+ echo "$as_me:15870: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -19902,6 +19904,31 @@ rm -f conftest*
fi
+# Check whether --enable-privsep or --disable-privsep was given.
+if test "${enable_privsep+set}" = set; then
+ enableval="$enable_privsep"
+ ENABLE_PRIVSEP="$enableval"
+else
+ ENABLE_PRIVSEP="no"
+fi;
+if test x$ENABLE_PRIVSEP = xyes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define X_PRIVSEP 1
+_ACEOF
+
+fi
+
+
+if test x$ENABLE_PRIVSEP = xyes; then
+ X_PRIVSEP_TRUE=
+ X_PRIVSEP_FALSE='#'
+else
+ X_PRIVSEP_TRUE='#'
+ X_PRIVSEP_FALSE=
+fi
+
+
pkgconfigdir=${libdir}/pkgconfig
@@ -20025,6 +20052,13 @@ echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
+if test -z "${X_PRIVSEP_TRUE}" && test -z "${X_PRIVSEP_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"X_PRIVSEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"X_PRIVSEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
: ${CONFIG_STATUS=./config.status}
ac_clean_files_save=$ac_clean_files
@@ -20625,6 +20659,8 @@ s,@F77@,$F77,;t t
s,@FFLAGS@,$FFLAGS,;t t
s,@ac_ct_F77@,$ac_ct_F77,;t t
s,@LIBTOOL@,$LIBTOOL,;t t
+s,@X_PRIVSEP_TRUE@,$X_PRIVSEP_TRUE,;t t
+s,@X_PRIVSEP_FALSE@,$X_PRIVSEP_FALSE,;t t
s,@pkgconfigdir@,$pkgconfigdir,;t t
s,@LIBOBJS@,$LIBOBJS,;t t
s,@LTLIBOBJS@,$LTLIBOBJS,;t t
diff --git a/lib/libdrm/configure.ac b/lib/libdrm/configure.ac
index c0b11b201..fa0290589 100644
--- a/lib/libdrm/configure.ac
+++ b/lib/libdrm/configure.ac
@@ -32,6 +32,16 @@ AC_PROG_CC
AC_HEADER_STDC
AC_SYS_LARGEFILE
+dnl Privsep
+AC_ARG_ENABLE(privsep,
+ AC_HELP_STRING([--enable-privsep],
+ [Build support for X server privilege separation (default is NO)]),
+ [ENABLE_PRIVSEP="$enableval"], [ENABLE_PRIVSEP="no"])
+if test x$ENABLE_PRIVSEP = xyes ; then
+ AC_DEFINE(X_PRIVSEP, 1, [Use X server privilege separation])
+fi
+AM_CONDITIONAL(X_PRIVSEP, [test x$ENABLE_PRIVSEP = xyes])
+
pkgconfigdir=${libdir}/pkgconfig
AC_SUBST(pkgconfigdir)
diff --git a/lib/libdrm/libdrm/Makefile.in b/lib/libdrm/libdrm/Makefile.in
index 7505b8d05..30833dda9 100644
--- a/lib/libdrm/libdrm/Makefile.in
+++ b/lib/libdrm/libdrm/Makefile.in
@@ -152,6 +152,8 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
+X_PRIVSEP_FALSE = @X_PRIVSEP_FALSE@
+X_PRIVSEP_TRUE = @X_PRIVSEP_TRUE@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
diff --git a/lib/libdrm/libdrm/config.h.in b/lib/libdrm/libdrm/config.h.in
index c45f6a2d0..11ae7dcc9 100644
--- a/lib/libdrm/libdrm/config.h.in
+++ b/lib/libdrm/libdrm/config.h.in
@@ -54,6 +54,9 @@
/* Version number of package */
#undef VERSION
+/* Use X server privilege separation */
+#undef X_PRIVSEP
+
/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS
diff --git a/lib/libdrm/libdrm/xf86drm.c b/lib/libdrm/libdrm/xf86drm.c
index 56450e80d..b4ee731a3 100644
--- a/lib/libdrm/libdrm/xf86drm.c
+++ b/lib/libdrm/libdrm/xf86drm.c
@@ -71,7 +71,7 @@
#endif
# ifdef __OpenBSD__
-# define DRM_MAJOR 81
+# define DRM_MAJOR 88
# endif
#ifndef DRM_MAJOR
@@ -268,61 +268,17 @@ static int drmMatchBusID(const char *id1, const char *id2)
*/
static int drmOpenDevice(long dev, int minor)
{
- stat_t st;
char buf[64];
int fd;
- mode_t devmode = DRM_DEV_MODE, serv_mode;
- int isroot = !geteuid();
- uid_t user = DRM_DEV_UID;
- gid_t group = DRM_DEV_GID, serv_group;
- sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor);
+ snprintf(buf, sizeof(buf), DRM_DEV_NAME, DRM_DIR_NAME, minor);
drmMsg("drmOpenDevice: node name is %s\n", buf);
- if (drm_server_info) {
- drm_server_info->get_perms(&serv_group, &serv_mode);
- devmode = serv_mode ? serv_mode : DRM_DEV_MODE;
- devmode &= ~(S_IXUSR|S_IXGRP|S_IXOTH);
- group = (serv_group >= 0) ? serv_group : DRM_DEV_GID;
- }
-
- if (stat(DRM_DIR_NAME, &st)) {
- if (!isroot) return DRM_ERR_NOT_ROOT;
- mkdir(DRM_DIR_NAME, DRM_DEV_DIRMODE);
- chown(DRM_DIR_NAME, 0, 0); /* root:root */
- chmod(DRM_DIR_NAME, DRM_DEV_DIRMODE);
- }
-
- /* Check if the device node exists and create it if necessary. */
- if (stat(buf, &st)) {
- if (!isroot) return DRM_ERR_NOT_ROOT;
- remove(buf);
- mknod(buf, S_IFCHR | devmode, dev);
- }
-
- if (drm_server_info) {
- chown(buf, user, group);
- chmod(buf, devmode);
- }
-
- fd = open(buf, O_RDWR, 0);
- drmMsg("drmOpenDevice: open result is %d, (%s)\n",
- fd, fd < 0 ? strerror(errno) : "OK");
- if (fd >= 0) return fd;
-
- /* Check if the device node is not what we expect it to be, and recreate it
- * and try again if so.
- */
- if (st.st_rdev != dev) {
- if (!isroot) return DRM_ERR_NOT_ROOT;
- remove(buf);
- mknod(buf, S_IFCHR | devmode, dev);
- if (drm_server_info) {
- chown(buf, user, group);
- chmod(buf, devmode);
- }
- }
+#ifndef X_PRIVSEP
fd = open(buf, O_RDWR, 0);
+#else
+ fd = priv_open_device(buf);
+#endif
drmMsg("drmOpenDevice: open result is %d, (%s)\n",
fd, fd < 0 ? strerror(errno) : "OK");
if (fd >= 0) return fd;
@@ -352,8 +308,13 @@ static int drmOpenMinor(int minor, int create)
if (create) return drmOpenDevice(makedev(DRM_MAJOR, minor), minor);
- sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor);
- if ((fd = open(buf, O_RDWR, 0)) >= 0) return fd;
+ snprintf(buf, sizeof(buf), DRM_DEV_NAME, DRM_DIR_NAME, minor);
+#ifndef X_PRIVSEP
+ fd = open(buf, O_RDWR, 0);
+#else
+ fd = priv_open_device(buf);
+#endif
+ if (fd >= 0) return fd;
return -errno;
}
@@ -379,6 +340,7 @@ int drmAvailable(void)
/* Try proc for backward Linux compatibility */
if (!access("/proc/dri/0", R_OK)) return 1;
#endif
+ drmMsg("drmAvailable: no\n");
return 0;
}
@@ -387,7 +349,7 @@ int drmAvailable(void)
drmFreeVersion(version);
}
close(fd);
-
+ drmMsg("drmAvailable: %d\n", retval);
return retval;
}
@@ -3276,3 +3238,15 @@ void drmCloseOnce(int fd)
}
}
}
+
+#ifdef X_PRIVSEP
+static int
+_priv_open_device(const char *path)
+{
+ drmMsg("_priv_open_device\n");
+ return open(path, O_RDWR, 0);
+}
+
+int priv_open_device(const char *)
+ __attribute__((weak, alias ("_priv_open_device")));
+#endif
diff --git a/lib/libdrm/shared-core/Makefile.in b/lib/libdrm/shared-core/Makefile.in
index de2ad7503..3a6dc3f70 100644
--- a/lib/libdrm/shared-core/Makefile.in
+++ b/lib/libdrm/shared-core/Makefile.in
@@ -137,6 +137,8 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
+X_PRIVSEP_FALSE = @X_PRIVSEP_FALSE@
+X_PRIVSEP_TRUE = @X_PRIVSEP_TRUE@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@