42 lines
1.3 KiB
Diff
42 lines
1.3 KiB
Diff
|
This needs a fixed toolchain, and a userspace rebuild to work.
|
||
|
|
For these reasons, it's had difficulty getting upstream.
|
||
|
|
|
||
|
|
ie, Fedora has a new enough toolchain, and has been rebuilt, so we don't need
|
||
|
|
the ifdefs. Other distros don't/haven't, and this patch would break them
|
||
|
|
if pushed upstream.
|
||
|
|
|
||
|
|
--- linux-2.6.26.noarch/security/selinux/hooks.c~ 2008-09-25 14:11:17.000000000 -0400
|
||
|
|
+++ linux-2.6.26.noarch/security/selinux/hooks.c 2008-09-25 14:12:17.000000000 -0400
|
||
|
|
@@ -3018,7 +3018,6 @@ static int file_map_prot_check(struct fi
|
||
|
|
const struct cred *cred = current_cred();
|
||
|
|
int rc = 0;
|
||
|
|
|
||
|
|
-#ifndef CONFIG_PPC32
|
||
|
|
if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
|
||
|
|
/*
|
||
|
|
* We are making executable an anonymous mapping or a
|
||
|
|
@@ -3029,7 +3028,6 @@ static int file_map_prot_check(struct fi
|
||
|
|
if (rc)
|
||
|
|
goto error;
|
||
|
|
}
|
||
|
|
-#endif
|
||
|
|
|
||
|
|
if (file) {
|
||
|
|
/* read access is always possible with a mapping */
|
||
|
|
@@ -3024,7 +3022,6 @@ static int selinux_file_mprotect(struct
|
||
|
|
if (selinux_checkreqprot)
|
||
|
|
prot = reqprot;
|
||
|
|
|
||
|
|
-#ifndef CONFIG_PPC32
|
||
|
|
if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
|
||
|
|
rc = 0;
|
||
|
|
if (vma->vm_start >= vma->vm_mm->start_brk &&
|
||
|
|
@@ -3049,7 +3046,6 @@ static int selinux_file_mprotect(struct
|
||
|
|
if (rc)
|
||
|
|
return rc;
|
||
|
|
}
|
||
|
|
-#endif
|
||
|
|
|
||
|
|
return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
|
||
|
|
}
|