www.infradead.org Git - users/willy/xarray.git/commit

author	Linus Torvalds <torvalds@linux-foundation.org>
	Wed, 14 Aug 2024 16:23:20 +0000 (09:23 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Wed, 14 Aug 2024 16:23:20 +0000 (09:23 -0700)
commit	9d5906799f7d89c9e12f6d2e0fccb00713c945ab
tree	7d8dc91dd85e0b888620d0425ad8e679ceda3431	tree
parent	4ac0f08f44b62e59a389c7ed87c89087d9fefe29	commit \| diff
parent	05a3d6e9307250a5911d75308e4363466794ab21	commit \| diff

Merge tag 'selinux-pr-20240814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fixes from Paul Moore:

- Fix a xperms counting problem where we adding to the xperms count
   even if we failed to add the xperm.

- Propogate errors from avc_add_xperms_decision() back to the caller so
   that we can trigger the proper cleanup and error handling.

- Revert our use of vma_is_initial_heap() in favor of our older logic
   as vma_is_initial_heap() doesn't correctly handle the no-heap case
   and it is causing issues with the SELinux process/execheap access
   control. While the older SELinux logic may not be perfect, it
   restores the expected user visible behavior.

   Hopefully we will be able to resolve the problem with the
   vma_is_initial_heap() macro with the mm folks, but we need to fix
   this in the meantime.

* tag 'selinux-pr-20240814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: revert our use of vma_is_initial_heap()
  selinux: add the processing of the failure of avc_add_xperms_decision()
  selinux: fix potential counting error in avc_add_xperms_decision()