In case virtual memory is being marked as executable by default, SELinux
checks regarding explicit potential dangerous use are disabled.
Inform the user about it.
Signed-off-by: Christian Göttsche <[email protected]>
---
v2:
shorten message as suggested by Paul
---
security/selinux/hooks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5194f12def97..7cd687284563 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7265,6 +7265,8 @@ static __init int selinux_init(void)
cred_init_security();
default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
+ if (!default_noexec)
+ pr_notice("SELinux: virtual memory is executable by default\n");
avc_init();
--
2.40.1
On Jul 28, 2023 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <[email protected]> wrote:
>
> In case virtual memory is being marked as executable by default, SELinux
> checks regarding explicit potential dangerous use are disabled.
>
> Inform the user about it.
>
> Signed-off-by: Christian Göttsche <[email protected]>
> ---
> v2:
> shorten message as suggested by Paul
> ---
> security/selinux/hooks.c | 2 ++
> 1 file changed, 2 insertions(+)
Merged into selinux/next, thanks.
--
paul-moore.com