commit | 5e1461dc906f68f6590df1c79f2f4d69e0af18c5 | |
---|---|---|
author | Stephen Smalley <sds@tycho.nsa.gov> | Mon Dec 23 16:26:46 2013 -0500 |
committer | Stephen Smalley <sds@tycho.nsa.gov> | Mon Dec 23 16:29:25 2013 -0500 |
tree | 3d0ce3a643c3cec7ab6d803c9be1aa0089ddce19 | |
parent | cd8b953ede50f68dff5ea049e72aee130dc4a3cb |

Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.

If checkreqprot == 1, SELinux only checks the protection flags passed by the application, even if the kernel internally adds PROT_EXEC for READ_IMPLIES_EXEC personality flags. Switch to checkreqprot == 0 to check the final protection flags applied by the kernel.

Change-Id: Ic39242bbbd104fc9a1bcf2cd2ded7ce1aeadfac4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>