From bfdfd6c3dff618370b4b8a39f8875f2977edcbbf Mon Sep 17 00:00:00 2001 From: Benjamin Saunders Date: Sun, 19 Feb 2017 11:52:36 -0800 Subject: [PATCH] vulkan-loader: fix search paths in suid processes Fixes #22990 --- .../libraries/vulkan-loader/default.nix | 5 +- .../vulkan-loader/fallback-paths.patch | 52 +++++++++++++++++++ 2 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/libraries/vulkan-loader/fallback-paths.patch diff --git a/pkgs/development/libraries/vulkan-loader/default.nix b/pkgs/development/libraries/vulkan-loader/default.nix index 46994a495eb..a1b9ee03f23 100644 --- a/pkgs/development/libraries/vulkan-loader/default.nix +++ b/pkgs/development/libraries/vulkan-loader/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchgit, fetchFromGitHub, cmake, pkgconfig, git, python3, python3Packages, glslang, spirv-tools, x11, libxcb, libXrandr, - libXext, wayland }: + libXext, wayland, mesa_noglu }: let version = "1.0.39.1"; @@ -23,9 +23,10 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DBUILD_WSI_MIR_SUPPORT=OFF" + "-DFALLBACK_DATA_DIRS=${mesa_noglu.driverLink}/share:/usr/local/share:/usr/share" ]; - patches = [ ./use-xdg-paths.patch ]; + patches = [ ./use-xdg-paths.patch ./fallback-paths.patch ]; outputs = [ "out" "dev" "demos" ]; diff --git a/pkgs/development/libraries/vulkan-loader/fallback-paths.patch b/pkgs/development/libraries/vulkan-loader/fallback-paths.patch new file mode 100644 index 00000000000..d8d9fdd3f5f --- /dev/null +++ b/pkgs/development/libraries/vulkan-loader/fallback-paths.patch @@ -0,0 +1,52 @@ +commit a59b141559a8c1813da438b97e5f79eeb6cc7642 +Author: Benjamin Saunders +Date: Sun Feb 19 11:14:24 2017 -0800 + + loader: Configurable fallback search paths + + This makes it easier for non-FHS distributions to behave well when the loader + is used by a SUID process or in an otherwise unusual environment. + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index a43d264..d28b3f5 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -16,6 +16,11 @@ set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake") + find_package(PythonInterp 3 REQUIRED) + + if(CMAKE_SYSTEM_NAME STREQUAL "Linux") ++ set(FALLBACK_CONFIG_DIRS "/etc/xdg" CACHE STRING ++ "Search path to use when XDG_CONFIG_DIRS is unset or empty or the current process is SUID/SGID. Default is freedesktop compliant.") ++ set(FALLBACK_DATA_DIRS "/usr/local/share:/usr/share" CACHE STRING ++ "Search path to use when XDG_DATA_DIRS is unset or empty or the current process is SUID/SGID. Default is freedesktop compliant.") ++ + include(FindPkgConfig) + option(BUILD_WSI_XCB_SUPPORT "Build XCB WSI support" ON) + option(BUILD_WSI_XLIB_SUPPORT "Build Xlib WSI support" ON) +@@ -285,7 +290,10 @@ run_vk_xml_generate(dispatch_table_generator.py vk_dispatch_table_helper.h) + if(NOT WIN32) + include(GNUInstallDirs) + ++ add_definitions(-DFALLBACK_CONFIG_DIRS="${FALLBACK_CONFIG_DIRS}") ++ add_definitions(-DFALLBACK_DATA_DIRS="${FALLBACK_DATA_DIRS}") + add_definitions(-DSYSCONFDIR="${CMAKE_INSTALL_FULL_SYSCONFDIR}") ++ + # Make sure /etc is searched by the loader + if(NOT (CMAKE_INSTALL_FULL_SYSCONFDIR STREQUAL "/etc")) + add_definitions(-DEXTRASYSCONFDIR="/etc") +diff --git a/loader/loader.c b/loader/loader.c +index 81c37c4..83378eb 100644 +--- a/loader/loader.c ++++ b/loader/loader.c +@@ -2644,9 +2644,9 @@ static VkResult loader_get_manifest_files(const struct loader_instance *inst, co + const char *xdgconfdirs = secure_getenv("XDG_CONFIG_DIRS"); + const char *xdgdatadirs = secure_getenv("XDG_DATA_DIRS"); + if (xdgconfdirs == NULL || xdgconfdirs[0] == '\0') +- xdgconfdirs = "/etc/xdg"; ++ xdgconfdirs = FALLBACK_CONFIG_DIRS; + if (xdgdatadirs == NULL || xdgdatadirs[0] == '\0') +- xdgdatadirs = "/usr/local/share:/usr/share"; ++ xdgdatadirs = FALLBACK_DATA_DIRS; + const size_t rel_size = strlen(relative_location); + // Leave space for trailing separators + loc_size += strlen(xdgconfdirs) + strlen(xdgdatadirs) + 2*rel_size + 2;