(parent: 3876043)
selinux: log about VM being executable by default
author Christian Göttsche <cgzones@googlemail.com> Fri, 28 Jul 2023 15:01:49 +0000 (17:01 +0200)
committer Paul Moore <paul@paul-moore.com> Fri, 28 Jul 2023 18:04:14 +0000 (14:04 -0400)
In case virtual memory is being marked as executable by default, SELinux
checks regarding explicit potential dangerous use are disabled.
Inform the user about it.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c
diff --git
a/security/selinux/hooks.c
b/security/selinux/hooks.c
index 5194f12def977bbfe695985d8ebeec34a0b49d99..7cd687284563e24eaca338240df6ea65ac96726e 100644
(file)
--- a/
security/selinux/hooks.c
+++ b/
security/selinux/hooks.c
@@
-7265,6
+7265,8
@@
static __init int selinux_init(void)
cred_init_security();
default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
+ if (!default_noexec)
+ pr_notice("SELinux: virtual memory is executable by default\n");
avc_init();
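Review bot: The pr_notice() string added right after the default_noexec assignment only reports that virtual memory is executable by default, while the commit message gives the actual consequence: the SELinux checks on explicit potentially dangerous use are disabled. Consider stating that consequence in the log text itself, so an administrator reading the boot log sees that enforcement is reduced without having to know what default_noexec gates. Because the condition means checks are being skipped rather than merely describing the platform, it is also worth deciding whether pr_warn is the more fitting level than pr_notice, and a short comment above the if explaining why this case is logged would help later readers of selinux_init().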