84336d1a77
Currently SELinux does not check CAP_SYS_RAWIO in the file_mmap hook. This means there is no DAC check on the ability to mmap low addresses in the memory space. This function adds the DAC check for CAP_SYS_RAWIO while maintaining the selinux check on mmap_zero. This means that processes which need to mmap low memory will need CAP_SYS_RAWIO and mmap_zero but will NOT need the SELinux sys_rawio capability. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> |
||
|---|---|---|
| .. | ||
| include | ||
| ss | ||
| avc.c | ||
| exports.c | ||
| hooks.c | ||
| Kconfig | ||
| Makefile | ||
| netif.c | ||
| netlabel.c | ||
| netlink.c | ||
| netnode.c | ||
| netport.c | ||
| nlmsgtab.c | ||
| selinuxfs.c | ||
| xfrm.c | ||