On Fri, Dec 06, 2024 at 09:49:35AM -0800, Kalesh Singh wrote:
> On Thu, Dec 5, 2024 at 5:09 PM Isaac J. Manjarres
> <isaacmanjarres@xxxxxxxxxx> wrote:
> > --- a/mm/mmap.c
> > +++ b/mm/mmap.c
> > @@ -375,6 +375,17 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
> > if (!file_mmap_ok(file, inode, pgoff, len))
> > return -EOVERFLOW;
> >
> > + if (is_exec_sealed(seals)) {
> > + /* No new executable mappings if the file is exec sealed. */
> > + if (prot & PROT_EXEC)
> > + return -EACCES;
>
> I think this should be -EPERM to be consistent with seal_check_write()
> and mmap(2) man page:
>
> " EPERM The operation was prevented by a file seal; see fcntl(2)."
>
> Thanks,
> Kalesh
>
Thanks for catching that Kalesh! I agree and will fix this in v2 of the
series.
Thanks,
Isaac
