Older kernels checked read+write+execute to the backing tmpfs file for shmat SHM_EXEC instead of execmem. Adjust the test policy to allow the tests to pass on these older kernels. Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> --- policy/test_mmap.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/test_mmap.te b/policy/test_mmap.te index e039f76..8eed390 100644 --- a/policy/test_mmap.te +++ b/policy/test_mmap.te @@ -31,6 +31,8 @@ allow test_execmem_t self:process execmem; allow test_execmem_t test_mmap_file_t:file { open read execute }; # For mmap_hugetlb_anon_shared test. allow test_execmem_t hugetlbfs_t:file { read write execute }; +# For shmat test on old kernels. +allow test_execmem_t tmpfs_t:file { read write execute }; type test_no_execmem_t; domain_type(test_no_execmem_t) @@ -41,6 +43,8 @@ typeattribute test_no_execmem_t mmaptestdomain; allow test_no_execmem_t test_mmap_file_t:file { open read }; # For mmap_hugetlb_anon_shared test. allow test_no_execmem_t hugetlbfs_t:file { read write }; +# For shmat test on old kernels: no execmem check, only tmpfs write+execute. +allow test_no_execmem_t tmpfs_t:file { read write }; type test_mprotect_anon_shared_t; domain_type(test_mprotect_anon_shared_t) -- 2.7.4
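Review bot: In the first hunk (test_execmem_t), the new comment "For shmat test on old kernels." does not say which kernels are meant or why tmpfs_t is involved, so a later reader cannot tell when the rule can be dropped. Suggest carrying the commit message's explanation into the comment: older kernels checked read+write+execute on the backing tmpfs file for shmat SHM_EXEC instead of execmem. The rule is also unconditional, so test_execmem_t keeps execute on tmpfs_t files on kernels that check execmem as well; if that is accepted for a test domain, the comment should say so.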
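Review bot: In the second hunk (test_no_execmem_t), the comment says old kernels check "only tmpfs write+execute", the commit message says read+write+execute, and the rule on the next line grants { read write }; the three should agree. As written, the comment can be read as if the rule were meant to grant write+execute. If execute is left out on purpose, so that on old kernels this domain is still denied through the tmpfs_t file check rather than through execmem, the comment should state that directly.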