Index: policy/domains/program/modutil.te
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/domains/program/modutil.te,v
retrieving revision 1.25
diff -u -r1.25 modutil.te
--- policy/domains/program/modutil.te 8 Nov 2004 20:58:16 -0000 1.25
+++ policy/domains/program/modutil.te 30 Nov 2004 21:30:27 -0000
@@ -123,7 +123,7 @@
 allow insmod_t self:rawip_socket create_socket_perms;
 allow insmod_t self:capability { dac_override kill net_raw sys_module sys_tty_config };
 allow insmod_t domain:process signal;
-allow insmod_t self:process { fork signal_perms };
+allow insmod_t self:process { fork signal_perms execmem };
 allow insmod_t device_t:dir search;
 allow insmod_t etc_runtime_t:file { getattr read };
Index: policy/domains/program/unused/prelink.te
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/domains/program/unused/prelink.te,v
retrieving revision 1.14
diff -u -r1.14 prelink.te
--- policy/domains/program/unused/prelink.te 8 Nov 2004 20:58:18 -0000 1.14
+++ policy/domains/program/unused/prelink.te 30 Nov 2004 21:30:27 -0000
@@ -11,6 +11,8 @@
 #
 daemon_base_domain(prelink, `, admin')
+allow prelink_t self:process execmem;
+
 allow prelink_t fs_t:filesystem getattr;
 ifdef(`crond.te', `
Index: policy/domains/program/unused/udev.te
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/domains/program/unused/udev.te,v
retrieving revision 1.32
diff -u -r1.32 udev.te
--- policy/domains/program/unused/udev.te 8 Nov 2004 20:58:19 -0000 1.32
+++ policy/domains/program/unused/udev.te 1 Dec 2004 16:42:27 -0000
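Review bot: The `execmem` added on the `+allow insmod_t self:process { fork signal_perms execmem };` line carries no explanation of what in the module-loading path needs writable+executable anonymous memory, unlike the udev hunk in this same commit, which at least records `# for alsactl`. execmem lets everything running as insmod_t mmap or mprotect anonymous and writable private memory PROT_EXEC, so it removes the W^X guarantee this commit introduces for a domain that already holds `sys_module`; that combination deserves a recorded reason so the rule can be revisited when the triggering program is fixed. Suggest a comment directly above the rule, e.g. `# execmem: <program> run in insmod_t maps W+X memory (record the AVC that prompted this)`, or granting it to a dedicated helper domain if the need is in a helper rather than in insmod/modprobe itself.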
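Review bot: `+allow prelink_t self:process execmem;` is placed right after `daemon_base_domain(prelink, `, admin')` with no comment, and execmem is the broadest of the permissions this commit defines: it permits prelink_t to create writable+executable anonymous mappings. prelink presumably only rewrites ELF files on disk and should not need to execute generated code, so if this was driven by an AVC denial it is worth recording which operation triggered it and whether the denial came from prelink itself or from a library it loads, e.g. `# execmem: needed for <operation> (AVC: ...)`. Because this file lives under unused/, the rule will not be exercised until the domain is enabled, so the reason is the only thing a later reviewer will have to go on.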
@@ -13,6 +13,9 @@
 general_domain_access(udev_t)
+# for alsactl
+allow udev_t self:process execmem;
+
 etc_domain(udev)
 typealias udev_etc_t alias etc_udev_t;
 type udev_helper_exec_t, file_type, sysadmfile, exec_type;
Index: policy/flask/access_vectors
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/flask/access_vectors,v
retrieving revision 1.16
diff -u -r1.16 access_vectors
--- policy/flask/access_vectors 29 Nov 2004 21:37:03 -0000 1.16
+++ policy/flask/access_vectors 30 Nov 2004 21:31:06 -0000
@@ -118,6 +118,7 @@
 {
 execute_no_trans
 entrypoint
+ execmod
 }
 class lnk_file
@@ -242,6 +243,7 @@
 rlimitinh
 dyntransition
 setcurrent
+ execmem
 }
Index: policy/macros/base_user_macros.te
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/macros/base_user_macros.te,v
retrieving revision 1.39
diff -u -r1.39 base_user_macros.te
--- policy/macros/base_user_macros.te 29 Nov 2004 19:01:25 -0000 1.39
+++ policy/macros/base_user_macros.te 1 Dec 2004 16:43:02 -0000
@@ -33,6 +33,12 @@
 # Grant permissions within the domain.
 general_domain_access($1_t);
+# Allow loading DSOs that require executable stack.
+allow $1_t self:process execmem;
+
+# Allow text relocations on system shared libraries, e.g. libGL.
+allow $1_t shlib_t:file execmod;
+
 #
 # kdeinit wants this access
 #
Index: policy/macros/core_macros.te
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/macros/core_macros.te,v
retrieving revision 1.27
diff -u -r1.27 core_macros.te
--- policy/macros/core_macros.te 29 Nov 2004 19:48:10 -0000 1.27
+++ policy/macros/core_macros.te 30 Nov 2004 21:31:46 -0000
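Review bot: `allow udev_t self:process execmem;` is justified by `# for alsactl`, but it is granted to the whole udev_t domain, so udev itself and every helper it runs without a transition gain the right to map writable+executable memory because one helper needs it. The context line `type udev_helper_exec_t, file_type, sysadmfile, exec_type;` shows helpers already have their own exec type; if a transition into a separate helper domain is feasible, execmem belongs on that domain rather than on udev_t. At minimum the comment should say what alsactl does that requires it and that the rule is meant to be temporary, e.g. `# for alsactl: maps W+X anonymous memory; drop once alsactl no longer needs it`.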
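Review bot: `execmod` is appended to the file class with no comment on its meaning, yet it is the permission every policy author will have to reason about the first time a library with text relocations fails to map. A trailing comment would fix that: `execmod # mmap/mprotect PROT_EXEC on a private file mapping that has been modified (text relocation)`. Appending after `entrypoint` rather than inserting mid-list keeps the existing bit assignments of the file class stable, which matters if the kernel's permission table is generated from this same file; it is worth confirming that the kernel in use was built from this revision, since a mismatch would silently shift the meaning of the new bit.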
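Review bot: `execmem` is appended to the process class without a comment, and the name alone does not say which operations it gates (mmap and mprotect requests for PROT_EXEC on anonymous or writable private mappings, i.e. W+X memory); the later hunks of this commit grant it in several domains and their authors will want that spelled out in one place. Suggest `execmem # create, or mprotect to PROT_EXEC, an anonymous or writable private mapping (W+X memory)`. Placing it after `setcurrent` at the end of the list preserves the existing process-class bit positions, which is the right order for a kernel generated from the same file.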
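Review bot: Both new rules are unconditional for every user domain (`$1_t`), so the W^X check this commit introduces is switched off again by default for all user processes, and `allow $1_t shlib_t:file execmod;` covers every library labeled shlib_t rather than the libGL the comment names. Labeling the few text-relocated libraries with a dedicated type and granting execmod only on that type would keep the check meaningful for the rest of shlib_t, and wrapping both rules in a boolean would let hardened installs turn them off without editing the macro (the boolean itself must be declared at top level, outside this macro). The first comment also talks about executable stacks while the permission allows any writable+executable anonymous mapping, so it should say so.
```selinux
# Writable+executable anonymous memory (DSOs with executable stacks, JITs).
# Weakens W^X for the whole user domain, so keep it switchable.
if (allow_execmem) {
allow $1_t self:process execmem;
# Text relocations; ideally limited to a dedicated type for libGL-style
# libraries rather than all of shlib_t.
allow $1_t shlib_t:file execmod;
}
```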
@@ -627,9 +627,9 @@
 #
 define(`general_domain_access',`
 # Access other processes in the same domain.
-# Omits ptrace, setcurrent, setexec, and setfscreate. These must be granted
-# separately if desired.
-allow $1 self:process ~{ptrace setcurrent setexec setfscreate setrlimit};
+# Omits ptrace, setcurrent, setexec, setfscreate, setrlimit, and execmem.
+# These must be granted separately if desired.
+allow $1 self:process ~{ptrace setcurrent setexec setfscreate setrlimit execmem};
 # Access /proc/PID files for processes in the same domain.
 allow $1 self:dir r_dir_perms;
Index: policy/macros/program/xserver_macros.te
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/macros/program/xserver_macros.te,v
retrieving revision 1.38
diff -u -r1.38 xserver_macros.te
--- policy/macros/program/xserver_macros.te 19 Nov 2004 22:03:34 -0000 1.38
+++ policy/macros/program/xserver_macros.te 30 Nov 2004 21:30:27 -0000
@@ -58,6 +58,8 @@
 # for access within the domain
 general_domain_access($1_xserver_t)
+allow $1_xserver_t self:process execmem;
+
 allow $1_xserver_t etc_runtime_t:file { getattr read };
 ifelse($1, xdm, `
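Review bot: The rewritten comment lists execmem alongside ptrace and setcurrent but does not say why it is excluded, and its nature is different: the other omissions are privileged operations, whereas execmem is a memory-protection property that every domain using this macro would silently receive if it stayed inside the `~{...}` set. One sentence would stop a future maintainer from "fixing" a denial by putting it back: `# execmem is omitted so that writable+executable memory is opt-in per domain; grant it next to the domain with a comment naming the program that needs it.` The body of general_domain_access continues past the end of the hunk.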
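Review bot: `+allow $1_xserver_t self:process execmem;` is added to every per-user X server domain without a comment, whereas the udev hunk in the same commit at least records why. The X server is a large, commonly network-reachable process that already runs with considerable privilege, so granting it W+X memory is exactly where a note of which driver or module needs it is most valuable, e.g. `# execmem: needed by <driver/module> (AVC ...)`, so the rule can be dropped when that component is fixed. The macro body continues outside the hunk.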