This repository was archived by the owner on Jan 6, 2025. It is now read-only.
get_min_address: Do not shorten if SELinux enabled. Fixes 4 tests on RedHat 7.#136
Open
xloem wants to merge 1 commit intopmem:masterfrom
Open
get_min_address: Do not shorten if SELinux enabled. Fixes 4 tests on RedHat 7.#136xloem wants to merge 1 commit intopmem:masterfrom
xloem wants to merge 1 commit intopmem:masterfrom
Conversation
SELinux usually restricts mapping of memory at addresses prior to CONFIG_LSM_MMAP_MIN_ADDR which defaults to 65536 or 0x10000. This patch checks if SELinux is enforced and ensures 0x10000 is similarly enforced as an address minimum if so.
en4bz
reviewed
Jan 1, 2025
| static int | ||
| get_selinux_enforced(void) | ||
| { | ||
| static int selinux_enforced = -1; |
Collaborator
There was a problem hiding this comment.
Given that this function will only be called once I don't see a reason to cache the result like this.
Collaborator
|
Can you list which tests were fixed? |
en4bz
reviewed
Jan 1, 2025
| O_RDONLY); | ||
|
|
||
| if (fd >= 0) { | ||
| static uintptr_t proc_min_address; |
Collaborator
There was a problem hiding this comment.
This doesn't need to be static either.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
SELinux usually restricts mapping of memory at addresses prior to CONFIG_LSM_MMAP_MIN_ADDR which defaults to 65536 or 0x10000.
This patch checks if SELinux is enforced and ensures 0x10000 is similarly enforced as an address minimum if so.
I know there appears to be no maintainer of this codebase at the moment, but it's still helpful to share the code.