On Wed, Jan 8, 2020 at 12:23 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> SELinux checks whether VM_EXEC is set in the VM_DATA_DEFAULT_FLAGS
> during initialization and saves the result in default_noexec for use
> in its mmap and mprotect hook function implementations to decide
> whether to apply EXECMEM, EXECHEAP, EXECSTACK, and EXECMOD checks.
> Mark default_noexec as ro_after_init to prevent later clearing it
> and thereby disabling these checks. It is only set legitimately from
> init code.
>
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
> security/selinux/hooks.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Merged into selinux/next, thanks!

--
paul moore
www.paul-moore.com