selinux: log about VM being executable by default

In case virtual memory is being marked as executable by default, SELinux checks regarding explicit potential dangerous use are disabled. Inform the user about it. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Christian Göttsche <cgzones@googlemail.com> 2023-07-28 18:01:49 +0300
committer: Paul Moore <paul@paul-moore.com> 2023-07-28 21:04:14 +0300
commit: 19c5b015d1b9122393151134879dcfcf0ae6057a (patch)
tree: 07112b97084f7b40e30688c0018c269a0d90f433 /security/selinux
parent: 3876043ad9f7ff5fa3e506ea9673641971e46d8b (diff)
download: linux-19c5b015d1b9122393151134879dcfcf0ae6057a.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5194f12def97..7cd687284563 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7265,6 +7265,8 @@ static __init int selinux_init(void)
 	cred_init_security();
 
 	default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
+	if (!default_noexec)
+		pr_notice("SELinux:  virtual memory is executable by default\n");
 
 	avc_init();
author	Christian Göttsche <cgzones@googlemail.com>	2023-07-28 18:01:49 +0300
committer	Paul Moore <paul@paul-moore.com>	2023-07-28 21:04:14 +0300
commit	19c5b015d1b9122393151134879dcfcf0ae6057a (patch)
tree	07112b97084f7b40e30688c0018c269a0d90f433 /security/selinux
parent	3876043ad9f7ff5fa3e506ea9673641971e46d8b (diff)
download	linux-19c5b015d1b9122393151134879dcfcf0ae6057a.tar.xz