Message ID | 20230728150150.16224-1-cgzones@googlemail.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Series | [v2] selinux: log about VM being executable by default |
On Jul 28, 2023 Christian Göttsche <cgzones@googlemail.com> wrote:
>
> In case virtual memory is being marked as executable by default, SELinux
> checks regarding explicit potential dangerous use are disabled.
>
> Inform the user about it.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v2:
>    shorten message as suggested by Paul
> ---
>  security/selinux/hooks.c | 2 ++
>  1 file changed, 2 insertions(+)

Merged into selinux/next, thanks.

--
paul-moore.com

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5194f12def97..7cd687284563 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7265,6 +7265,8 @@ static __init int selinux_init(void) cred_init_security(); default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC); + if (!default_noexec) + pr_notice("SELinux: virtual memory is executable by default\n"); avc_init();
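
Review bot: The new `if (!default_noexec)` branch in selinux_init() has no comment saying what the condition implies, and after the v2 shortening the log text only states that virtual memory is executable by default, not that SELinux checks are disabled as a result. A one-line comment above the `if`, repeating the commit message's point that the checks regarding explicit potentially dangerous use are disabled in this case, would keep that consequence discoverable from the source while leaving the log message short. A smaller style point on the same line: the "SELinux: " prefix is written into the format string, so it is worth confirming that hooks.c does not also add a prefix through pr_fmt, which would print it twice.
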
In case virtual memory is being marked as executable by default, SELinux
checks regarding explicit potential dangerous use are disabled.

Inform the user about it.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v2:
   shorten message as suggested by Paul
---
 security/selinux/hooks.c | 2 ++
 1 file changed, 2 insertions(+)