PolicyKit: Branch 'master'
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon Jul 31 13:47:48 UTC 2023
src/polkitbackend/polkitbackendjsauthority.cpp | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
New commits:
commit 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
Author: Xi Ruoyao <xry111 at xry111.site>
Date: Sat Jul 29 17:44:58 2023 +0800
jsauthority: mozjs: Disable JIT
The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
setting does not allow it.
For polkit, security is much more important than the speed running
Javascript code in rule files, so we should disable JIT.
Fixes #199.
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 004748a..e265234 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -56,7 +56,16 @@
static class JsInitHelperType
{
public:
- JsInitHelperType() { JS_Init(); }
+ JsInitHelperType()
+ {
+ /* Disable JIT because it needs W/X mapping, which is not allowed by
+ * our systemd hardening setting.
+ */
+ JS::DisableJitBackend();
+
+ JS_Init();
+ }
+
~JsInitHelperType() { JS_ShutDown(); }
} JsInitHelper;
More information about the hal-commit
mailing list