diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/Makefile | 2 | ||||
| -rw-r--r-- | security/integrity/ima/ima.h | 6 | ||||
| -rw-r--r-- | security/integrity/ima/ima_appraise.c | 2 | ||||
| -rw-r--r-- | security/selinux/selinuxfs.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/util.c | 9 |
5 files changed, 8 insertions, 13 deletions
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile index 806bd19..7b3021c 100644 --- a/security/apparmor/Makefile +++ b/security/apparmor/Makefile @@ -60,6 +60,6 @@ $(obj)/resource.o : $(obj)/rlim_names.h $(obj)/capability_names.h : $(srctree)/include/linux/capability.h \ $(src)/Makefile $(call cmd,make-caps) -$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h \ +$(obj)/rlim_names.h : $(srctree)/include/uapi/asm-generic/resource.h \ $(src)/Makefile $(call cmd,make-rlim) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 8180add..6ee8826 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -143,7 +143,7 @@ void ima_delete_rules(void); #ifdef CONFIG_IMA_APPRAISE int ima_appraise_measurement(struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename); -int ima_must_appraise(struct inode *inode, enum ima_hooks func, int mask); +int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func); void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); #else @@ -154,8 +154,8 @@ static inline int ima_appraise_measurement(struct integrity_iint_cache *iint, return INTEGRITY_UNKNOWN; } -static inline int ima_must_appraise(struct inode *inode, - enum ima_hooks func, int mask) +static inline int ima_must_appraise(struct inode *inode, int mask, + enum ima_hooks func) { return 0; } diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 0aa43bd..bdc8ba1 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -34,7 +34,7 @@ __setup("ima_appraise=", default_appraise_setup); * * Return 1 to appraise */ -int ima_must_appraise(struct inode *inode, enum ima_hooks func, int mask) +int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) { if (!ima_appraise) return 0; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 55af8c5..3a6e873 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -485,7 +485,7 @@ static int sel_mmap_policy(struct file *filp, struct vm_area_struct *vma) return -EACCES; } - vma->vm_flags |= VM_RESERVED; + vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP; vma->vm_ops = &sel_mmap_policy_ops; return 0; diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 867558c..2952ba5 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -949,18 +949,13 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, const char *tomoyo_get_exe(void) { struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; const char *cp = NULL; if (!mm) return NULL; down_read(&mm->mmap_sem); - for (vma = mm->mmap; vma; vma = vma->vm_next) { - if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) { - cp = tomoyo_realpath_from_path(&vma->vm_file->f_path); - break; - } - } + if (mm->exe_file) + cp = tomoyo_realpath_from_path(&mm->exe_file->f_path); up_read(&mm->mmap_sem); return cp; } |