Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull selinux fixes from James Morris. * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: selinux: fix mprotect PROT_EXEC regression caused by mm change selinux: don't waste ebitmap space when importing NetLabel categories
This commit is contained in:
commit
2278cb0bb3
|
@ -3283,7 +3283,8 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
if (default_noexec &&
|
if (default_noexec &&
|
||||||
(prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
|
(prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
|
||||||
|
(!shared && (prot & PROT_WRITE)))) {
|
||||||
/*
|
/*
|
||||||
* We are making executable an anonymous mapping or a
|
* We are making executable an anonymous mapping or a
|
||||||
* private file mapping that will also be writable.
|
* private file mapping that will also be writable.
|
||||||
|
|
|
@ -153,6 +153,12 @@ int ebitmap_netlbl_import(struct ebitmap *ebmap,
|
||||||
if (offset == (u32)-1)
|
if (offset == (u32)-1)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
/* don't waste ebitmap space if the netlabel bitmap is empty */
|
||||||
|
if (bitmap == 0) {
|
||||||
|
offset += EBITMAP_UNIT_SIZE;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
if (e_iter == NULL ||
|
if (e_iter == NULL ||
|
||||||
offset >= e_iter->startbit + EBITMAP_SIZE) {
|
offset >= e_iter->startbit + EBITMAP_SIZE) {
|
||||||
e_prev = e_iter;
|
e_prev = e_iter;
|
||||||
|
|
Loading…
Reference in a new issue