[PATCH] SELinux: enhance SELinux control of executable mappings
This patch adds new permission checks to the SELinux mmap and mprotect hooks to enable control over the ability to make executable a mapping that can contain data not covered by the existing file-based permission checks. The task->self execmem permission controls the ability to create an executable anonymous mapping or a writable executable private file mapping. The task->file execmod permission controls the ability to make executable a previously written private file mapping, e.g. for text relocations.

Thanks to Roland McGrath for input and feedback on earlier versions of this patch.

Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>