On Wed, May 30, 2012 at 1:56 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>>
>> It actually cleaned things up, and made the calling conventions
>> simpler. Just always pass in "reqprot", and have the security layer do
>> the trivial "calculate final prot".
>
> If only it would be trivial ;-/ Take a look at !MMU case (or at the
> description in the posting upthread if you want to avoid seeing your
> breakfast one more time - the code in validate_mmap_request() is
> really ugly).

Don't bother with validate_mmap_request() for nommu. It's ugly, but it
does the same thing, and if it does something else, it's buggy anyway.

Generating 'prot' from 'reqprot' really *should* be as simple as what
I did in my patch. The fact that some places f*ck it up is their
problem - see for example mprotect (I think) that didn't take
MNT_NOEXEC into account.

Don't try to emulate those broken semantics. Just fix them.

Linus