kernel/linux-2.6-selinux-mprotect-checks.patch

42 lines
1.3 KiB
Diff
Raw Normal View History

2010-07-30 00:18:45 +00:00
This needs a fixed toolchain, and a userspace rebuild to work.
For these reasons, it's had difficulty getting upstream.
ie, Fedora has a new enough toolchain, and has been rebuilt, so we don't need
the ifdefs. Other distros don't/haven't, and this patch would break them
if pushed upstream.
--- linux-2.6.26.noarch/security/selinux/hooks.c~ 2008-09-25 14:11:17.000000000 -0400
+++ linux-2.6.26.noarch/security/selinux/hooks.c 2008-09-25 14:12:17.000000000 -0400
@@ -3018,7 +3018,6 @@ static int file_map_prot_check(struct fi
const struct cred *cred = current_cred();
int rc = 0;
-#ifndef CONFIG_PPC32
if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
/*
* We are making executable an anonymous mapping or a
@@ -3029,7 +3028,6 @@ static int file_map_prot_check(struct fi
if (rc)
goto error;
}
-#endif
if (file) {
/* read access is always possible with a mapping */
@@ -3024,7 +3022,6 @@ static int selinux_file_mprotect(struct
if (selinux_checkreqprot)
prot = reqprot;
-#ifndef CONFIG_PPC32
if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
rc = 0;
if (vma->vm_start >= vma->vm_mm->start_brk &&
@@ -3049,7 +3046,6 @@ static int selinux_file_mprotect(struct
if (rc)
return rc;
}
-#endif
return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
}