From: Christian Göttsche <cgzones@googlemail.com>
Date: Fri, 28 Jul 2023 15:01:49 +0000 (+0200)
Subject: selinux: log about VM being executable by default
X-Git-Tag: v6.6-rc1~148^2~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19c5b015d1b9122393151134879dcfcf0ae6057a;p=thirdparty%2Fkernel%2Flinux.git

selinux: log about VM being executable by default

In case virtual memory is being marked as executable by default, SELinux
checks regarding explicit potential dangerous use are disabled.

Inform the user about it.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5194f12def977..7cd687284563e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7265,6 +7265,8 @@ static __init int selinux_init(void)
 	cred_init_security();
 
 	default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
+	if (!default_noexec)
+		pr_notice("SELinux:  virtual memory is executable by default\n");
 
 	avc_init();