selinux: log about VM being executable by default

In case virtual memory is being marked as executable by default, SELinux checks regarding explicit potential dangerous use are disabled. Inform the user about it. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Christian Göttsche <cgzones@googlemail.com> 2023-07-28 17:01:49 +0200
committer: Paul Moore <paul@paul-moore.com> 2023-07-28 14:04:14 -0400
commit: 19c5b015d1b9122393151134879dcfcf0ae6057a (patch)
tree: 07112b97084f7b40e30688c0018c269a0d90f433
parent: selinux: fix a 0/NULL mistmatch in ad_net_init_from_iif() (diff)
download: wireguard-linux-19c5b015d1b9122393151134879dcfcf0ae6057a.tar.xz
wireguard-linux-19c5b015d1b9122393151134879dcfcf0ae6057a.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5194f12def97..7cd687284563 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7265,6 +7265,8 @@ static __init int selinux_init(void)
 	cred_init_security();
 
 	default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
+	if (!default_noexec)
+		pr_notice("SELinux:  virtual memory is executable by default\n");
 
 	avc_init();
author	Christian Göttsche <cgzones@googlemail.com>	2023-07-28 17:01:49 +0200
committer	Paul Moore <paul@paul-moore.com>	2023-07-28 14:04:14 -0400
commit	19c5b015d1b9122393151134879dcfcf0ae6057a (patch)
tree	07112b97084f7b40e30688c0018c269a0d90f433
parent	selinux: fix a 0/NULL mistmatch in ad_net_init_from_iif() (diff)
download	wireguard-linux-19c5b015d1b9122393151134879dcfcf0ae6057a.tar.xz wireguard-linux-19c5b015d1b9122393151134879dcfcf0ae6057a.zip