selinux: log about VM being executable by default

In case virtual memory is being marked as executable by default, SELinux checks regarding explicit potential dangerous use are disabled. Inform the user about it. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

selinux: log about VM being executable by default
In case virtual memory is being marked as executable by default, SELinux checks regarding explicit potential dangerous use are disabled. Inform the user about it. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
19c5b015 · Christian Göttsche · Paul Moore · 3876043a · 19c5b015
Commit 19c5b015 authored Jul 28, 2023 by Christian Göttsche Committed by Paul Moore Jul 28, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

security/selinux/hooks.c security/selinux/hooks.c +2 -0

No files found.
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7265,6 +7265,8 @@ static __init int selinux_init(void)
 	cred_init_security();

 	default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
+	if (!default_noexec)
+		pr_notice("SELinux:  virtual memory is executable by default\n");

 	avc_init();