Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

get_min_address: Do not shorten if SELinux enabled. Fixes 4 tests on RedHat 7. #136

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

get_min_address: Do not shorten if SELinux enabled. Fixes 4 tests on RedHat 7. #136

wants to merge 1 commit into from

Conversation

xloem
Copy link

@xloem xloem commented Dec 29, 2024

SELinux usually restricts mapping of memory at addresses prior to CONFIG_LSM_MMAP_MIN_ADDR which defaults to 65536 or 0x10000.

This patch checks if SELinux is enforced and ensures 0x10000 is similarly enforced as an address minimum if so.

I know there appears to be no maintainer of this codebase at the moment, but it's still helpful to share the code.

get_min_address: Do not shorten if SELinux enabled.
1ac5c47 
SELinux usually restricts mapping of memory at addresses prior to
CONFIG_LSM_MMAP_MIN_ADDR which defaults to 65536 or 0x10000.

This patch checks if SELinux is enforced and ensures 0x10000 is similarly
enforced as an address minimum if so.
en4bz
en4bz reviewed Jan 1, 2025
View reviewed changes
src/intercept_desc.c
static int
get_selinux_enforced(void)
{
static int selinux_enforced = -1;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that this function will only be called once I don't see a reason to cache the result like this.

@en4bz
Copy link
Collaborator

en4bz commented Jan 1, 2025

Can you list which tests were fixed?

en4bz
en4bz reviewed Jan 1, 2025
View reviewed changes
src/intercept_desc.c

int fd = syscall_no_intercept(SYS_open, "/proc/sys/vm/mmap_min_addr",
O_RDONLY);

if (fd >= 0) {
static uintptr_t proc_min_address;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't need to be static either.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@en4bz en4bz en4bz left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xloem @en4bz