--- ./src/mesa/x86/rtasm/x86sse.h.selinux-awareness	2006-08-09 16:05:26.000000000 -0400
+++ ./src/mesa/x86/rtasm/x86sse.h	2006-08-22 21:14:45.000000000 -0400
@@ -80,8 +80,8 @@
  */
 
 
-void x86_init_func( struct x86_function *p );
-void x86_init_func_size( struct x86_function *p, GLuint code_size );
+int x86_init_func( struct x86_function *p );
+int x86_init_func_size( struct x86_function *p, GLuint code_size );
 void x86_release_func( struct x86_function *p );
 void (*x86_get_func( struct x86_function *p ))( void );
 
--- ./src/mesa/x86/rtasm/x86sse.c.selinux-awareness	2006-08-09 16:05:26.000000000 -0400
+++ ./src/mesa/x86/rtasm/x86sse.c	2006-08-22 21:14:45.000000000 -0400
@@ -1063,15 +1063,17 @@
 }
 
 
-void x86_init_func( struct x86_function *p )
+int x86_init_func( struct x86_function *p )
 {
-   x86_init_func_size(p, 1024);
+   return x86_init_func_size(p, 1024);
 }
 
-void x86_init_func_size( struct x86_function *p, GLuint code_size )
+int x86_init_func_size( struct x86_function *p, GLuint code_size )
 {
    p->store = _mesa_exec_malloc(code_size);
    p->csr = p->store;
+
+   return (p->store != NULL);
 }
 
 void x86_release_func( struct x86_function *p )
--- ./src/mesa/main/execmem.c.selinux-awareness	2006-05-10 05:00:16.000000000 -0400
+++ ./src/mesa/main/execmem.c	2006-08-22 21:14:45.000000000 -0400
@@ -36,7 +36,7 @@
 
 
 
-#if defined(__linux__) && !defined(XFree86Server)
+#if defined(__linux__)
 
 /*
  * Allocate a large block of memory which can hold code then dole it out
@@ -46,6 +46,7 @@
 #include <unistd.h>
 #include <sys/mman.h>
 #include "mm.h"
+#include <selinux/selinux.h>
 
 #define EXEC_HEAP_SIZE (10*1024*1024)
 
@@ -55,9 +56,16 @@
 static unsigned char *exec_mem = NULL;
 
 
-static void
+static int
 init_heap(void)
 {
+
+   if (is_selinux_enabled()) {
+      if (!security_get_boolean_active("allow_execmem") ||
+	  !security_get_boolean_pending("allow_execmem"))
+	 return 0;
+   }
+
    if (!exec_heap)
       exec_heap = mmInit( 0, EXEC_HEAP_SIZE );
    
@@ -65,6 +73,8 @@
       exec_mem = (unsigned char *) mmap(0, EXEC_HEAP_SIZE, 
 					PROT_EXEC | PROT_READ | PROT_WRITE, 
 					MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+   return (exec_mem != NULL);
 }
 
 
@@ -76,7 +86,8 @@
 
    _glthread_LOCK_MUTEX(exec_mutex);
 
-   init_heap();
+   if (!init_heap())
+      goto bail;
 
    if (exec_heap) {
       size = (size + 31) & ~31;
@@ -87,7 +98,8 @@
       addr = exec_mem + block->ofs;
    else 
       _mesa_printf("_mesa_exec_malloc failed\n");
-   
+
+ bail:   
    _glthread_UNLOCK_MUTEX(exec_mutex);
    
    return addr;
--- ./src/mesa/tnl/t_vb_arbprogram_sse.c.selinux-awareness	2006-06-01 18:56:40.000000000 -0400
+++ ./src/mesa/tnl/t_vb_arbprogram_sse.c	2006-08-22 21:14:45.000000000 -0400
@@ -1298,7 +1298,8 @@
       p->compiled_func = NULL;
    }
 
-   x86_init_func(&cp.func);
+   if (!x86_init_func(&cp.func))
+       return GL_FALSE;
 
    cp.fpucntl = RESTORE_FPU;
 
--- ./src/mesa/tnl/t_vertex_sse.c.selinux-awareness	2005-09-16 14:14:25.000000000 -0400
+++ ./src/mesa/tnl/t_vertex_sse.c	2006-08-22 21:14:45.000000000 -0400
@@ -348,7 +348,8 @@
    struct x86_reg vp1 = x86_make_reg(file_XMM, 2);
    GLubyte *fixup, *label;
 
-   x86_init_func(&p->func);
+   if (!x86_init_func(&p->func))
+       return GL_FALSE;
    
    /* Push a few regs?
     */
@@ -646,7 +647,10 @@
    p.identity = x86_make_reg(file_XMM, 6);
    p.chan0 = x86_make_reg(file_XMM, 7);
 
-   x86_init_func(&p.func);
+   if (!x86_init_func(&p.func)) {
+      vtx->codegen_emit = NULL;
+      return;
+   }
 
    if (build_vertex_emit(&p)) {
       _tnl_register_fastpath( vtx, GL_TRUE );
--- ./src/mesa/drivers/dri/radeon/radeon_context.h.selinux-awareness	2006-04-11 07:41:11.000000000 -0400
+++ ./src/mesa/drivers/dri/radeon/radeon_context.h	2006-08-23 10:23:20.000000000 -0400
@@ -778,6 +778,7 @@
    GLuint TexMatColSwap;
    GLmatrix tmpmat[RADEON_MAX_TEXTURE_UNITS];
    GLuint last_ReallyEnabled;
+   GLint tcl_mode;
 
    /* VBI
     */
--- ./src/mesa/drivers/dri/radeon/radeon_context.c.selinux-awareness	2006-04-09 13:48:28.000000000 -0400
+++ ./src/mesa/drivers/dri/radeon/radeon_context.c	2006-08-22 21:14:45.000000000 -0400
@@ -471,11 +471,20 @@
    }
 
    if (rmesa->radeonScreen->chip_flags & RADEON_CHIPSET_TCL) {
-      if (tcl_mode >= DRI_CONF_TCL_VTXFMT)
-	 radeonVtxfmtInit( ctx, tcl_mode >= DRI_CONF_TCL_CODEGEN );
+      void *test = NULL;
+      if ((test = _mesa_exec_malloc(64))) {
+         if (tcl_mode >= DRI_CONF_TCL_VTXFMT)
+	    radeonVtxfmtInit( ctx, tcl_mode >= DRI_CONF_TCL_CODEGEN );
+      } else {
+	  tcl_mode = DRI_CONF_TCL_PIPELINED;
+      }
+      if (test)
+         _mesa_exec_free(test);
 
       _tnl_need_dlist_norm_lengths( ctx, GL_FALSE );
    }
+
+   rmesa->tcl_mode = tcl_mode;
    return GL_TRUE;
 }
 
@@ -516,8 +525,7 @@
       }
 
       if (!(rmesa->TclFallback & RADEON_TCL_FALLBACK_TCL_DISABLE)) {
-	 int tcl_mode = driQueryOptioni(&rmesa->optionCache, "tcl_mode");
-	 if (tcl_mode >= DRI_CONF_TCL_VTXFMT)
+	 if (rmesa->tcl_mode >= DRI_CONF_TCL_VTXFMT)
 	    radeonVtxfmtDestroy( rmesa->glCtx );
       }
 
--- ./src/mesa/drivers/dri/r200/r200_context.c.selinux-awareness	2006-06-09 20:51:54.000000000 -0400
+++ ./src/mesa/drivers/dri/r200/r200_context.c	2006-08-22 21:14:45.000000000 -0400
@@ -546,11 +546,19 @@
    }
 
    if (rmesa->r200Screen->chip_flags & RADEON_CHIPSET_TCL) {
-      if (tcl_mode >= DRI_CONF_TCL_VTXFMT)
-	 r200VtxfmtInit( ctx, tcl_mode >= DRI_CONF_TCL_CODEGEN );
+      void *test = NULL;
+      if ((test = _mesa_exec_malloc(64))) {
+         if (tcl_mode >= DRI_CONF_TCL_VTXFMT)
+	    r200VtxfmtInit( ctx, tcl_mode >= DRI_CONF_TCL_CODEGEN );
+      } else {
+	 tcl_mode = DRI_CONF_TCL_PIPELINED;
+      }
+      if (test)
+         _mesa_exec_free(test);
 
       _tnl_need_dlist_norm_lengths( ctx, GL_FALSE );
    }
+   rmesa->tcl_mode = tcl_mode;
    return GL_TRUE;
 }
 
@@ -592,8 +600,7 @@
       }
 
       if (!(rmesa->TclFallback & R200_TCL_FALLBACK_TCL_DISABLE)) {
-	 int tcl_mode = driQueryOptioni(&rmesa->optionCache, "tcl_mode");
-	 if (tcl_mode >= DRI_CONF_TCL_VTXFMT)
+	 if (rmesa->tcl_mode >= DRI_CONF_TCL_VTXFMT)
 	    r200VtxfmtDestroy( rmesa->glCtx );
       }
 
--- ./src/mesa/drivers/dri/r200/r200_context.h.selinux-awareness	2006-07-20 12:49:57.000000000 -0400
+++ ./src/mesa/drivers/dri/r200/r200_context.h	2006-08-22 21:14:45.000000000 -0400
@@ -990,6 +990,7 @@
    GLuint TexGenEnabled;
    GLuint TexGenCompSel;
    GLmatrix tmpmat;
+   GLint tcl_mode;
 
    /* VBI / buffer swap
     */
--- ./src/mesa/shader/slang/slang_execute_x86.c.selinux-awareness	2006-08-09 16:05:26.000000000 -0400
+++ ./src/mesa/shader/slang/slang_execute_x86.c	2006-08-22 21:14:45.000000000 -0400
@@ -674,7 +674,8 @@
     * The built-in library occupies 450K, so we can be safe for now.
     * It is going to change in the future, when we get assembly analysis running.
     */
-   x86_init_func_size(&G.f, 1048576);
+   if (!x86_init_func_size (&G.f, 1048576))
+      return 0;
    G.r_eax = x86_make_reg(file_REG32, reg_AX);
    G.r_ecx = x86_make_reg(file_REG32, reg_CX);
    G.r_edx = x86_make_reg(file_REG32, reg_DX);
--- ./configs/linux-dri.selinux-awareness	2006-08-22 21:14:45.000000000 -0400
+++ ./configs/linux-dri	2006-08-22 21:14:45.000000000 -0400
@@ -38,7 +38,8 @@
 
 LIBDRM_CFLAGS = `pkg-config --cflags libdrm`
 LIBDRM_LIB = `pkg-config --libs libdrm`
-DRI_LIB_DEPS  = $(EXTRA_LIB_PATH) -lm -lpthread -lexpat -ldl $(LIBDRM_LIB)
+DRI_LIB_DEPS  = $(EXTRA_LIB_PATH) -lm -lpthread -lexpat -ldl $(LIBDRM_LIB) \
+		-lselinux
 GL_LIB_DEPS   = $(EXTRA_LIB_PATH) -lX11 -lXext -lXxf86vm -lm -lpthread -ldl \
                 $(LIBDRM_LIB)