Merge /spare/repo/linux-2.6/

author: Jeff Garzik <jgarzik@pretzel.yyz.us> 2005-06-26 18:06:06 -0400
committer: Jeff Garzik <jgarzik@pobox.com> 2005-06-26 18:06:06 -0400
commit: aef7b83c92dd0b7e994805440655d1d64147287b (patch)
tree: 981f373358c1988e061625e8f272013065cb086f /security/selinux/hooks.c
parent: b1fc5505e0dbcc3fd7c75bfe6bee39ec50080963 (diff)
parent: 8678887e7fb43cd6c9be6c9807b05e77848e0920 (diff)
1 files changed, 24 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aae1e794fe48..17a1189f1ff8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1658,9 +1658,8 @@ static int selinux_bprm_secureexec (struct linux_binprm *bprm)
 static void selinux_bprm_free_security(struct linux_binprm *bprm)
 {
-        struct bprm_security_struct *bsec = bprm->security;
+        kfree(bprm->security);
        bprm->security = NULL;
-        kfree(bsec);
 }
 extern struct vfsmount *selinuxfs_mount;
@@ -1945,6 +1944,7 @@ static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void
        } while (*in_end++);
        copy_page(in_save, nosec_save);
+        free_page((unsigned long)nosec_save);
 out:
        return rc;
 }
@@ -2476,6 +2476,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
                prot = reqprot;
 #ifndef CONFIG_PPC32
+        if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXECUTABLE) &&
+           (vma->vm_start >= vma->vm_mm->start_brk &&
+            vma->vm_end <= vma->vm_mm->brk)) {
+                /*
+                 * We are making an executable mapping in the brk region.
+                 * This has an additional execheap check.
+                 */
+                rc = task_has_perm(current, current, PROCESS__EXECHEAP);
+                if (rc)
+                        return rc;
+        }
        if (vma->vm_file != NULL && vma->anon_vma != NULL && (prot & PROT_EXEC)) {
                /*
                 * We are making executable a file mapping that has
@@ -2487,6 +2498,16 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
                if (rc)
                        return rc;
        }
+        if (!vma->vm_file && (prot & PROT_EXEC) &&
+                vma->vm_start <= vma->vm_mm->start_stack &&
+                vma->vm_end >= vma->vm_mm->start_stack) {
+                /* Attempt to make the process stack executable.
+                 * This has an additional execstack check.
+                 */
+                rc = task_has_perm(current, current, PROCESS__EXECSTACK);
+                if (rc)
+                        return rc;
+        }
 #endif
        return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
@@ -3419,7 +3440,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
        err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
        if (err) {
                if (err == -EINVAL) {
-                        audit_log(current->audit_context,
+                        audit_log(current->audit_context, AUDIT_SELINUX_ERR,
                                  "SELinux:  unrecognized netlink message"
                                  " type=%hu for sclass=%hu\n",
                                  nlh->nlmsg_type, isec->sclass);
author	Jeff Garzik <jgarzik@pretzel.yyz.us>	2005-06-26 18:06:06 -0400
committer	Jeff Garzik <jgarzik@pobox.com>	2005-06-26 18:06:06 -0400
commit	aef7b83c92dd0b7e994805440655d1d64147287b (patch)
tree	981f373358c1988e061625e8f272013065cb086f /security/selinux/hooks.c
parent	b1fc5505e0dbcc3fd7c75bfe6bee39ec50080963 (diff)
parent	8678887e7fb43cd6c9be6c9807b05e77848e0920 (diff)