diff options
author | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-30 18:02:14 +0000 |
---|---|---|
committer | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-30 18:02:14 +0000 |
commit | 0bf514029e8960ab19594b74f117eade41d80d2f (patch) | |
tree | e87a8b0a4e7f4de9cb9c37da42d073e2b2fbbdb2 /sandbox/linux | |
parent | 6c9c89b561f7f4469d382dc89ec0aced264463af (diff) | |
download | chromium_src-0bf514029e8960ab19594b74f117eade41d80d2f.zip chromium_src-0bf514029e8960ab19594b74f117eade41d80d2f.tar.gz chromium_src-0bf514029e8960ab19594b74f117eade41d80d2f.tar.bz2 |
Fix SELinux warnings when running on Fedora.
(c.f. http://people.redhat.com/drepper/selinux-mem.html)
Fix compilation warnings on Fedora.
BUG=none
TEST=when running Chrome on Fedora, verify that we don't get AVC warnings
Review URL: http://codereview.chromium.org/1535004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43107 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux')
-rw-r--r-- | sandbox/linux/seccomp/library.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sandbox/linux/seccomp/library.cc b/sandbox/linux/seccomp/library.cc index 768b00a..e882ba4 100644 --- a/sandbox/linux/seccomp/library.cc +++ b/sandbox/linux/seccomp/library.cc @@ -88,7 +88,7 @@ Library::~Library() { // file. Move the temporarily extended mapping back to where we originally // found. Make sure to preserve any changes that we might have made since. Sandbox::SysCalls sys; - sys.mprotect(image_, 4096, PROT_READ | PROT_WRITE); + sys.mprotect(image_, 4096, PROT_READ | PROT_WRITE | PROT_EXEC); if (memcmp(image_, memory_ranges_.rbegin()->second.start, 4096)) { // Only copy data, if we made any changes in this data. Otherwise there // is no need to create another modified COW mapping. @@ -242,7 +242,7 @@ char *Library::getOriginal(Elf_Addr offset, char *buf, size_t len) { if (image_ == MAP_FAILED) { image_ = NULL; } else { - sys.MMAP(start, 4096, PROT_READ | PROT_WRITE, + sys.MMAP(start, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0); for (int i = 4096 / sizeof(long); --i; reinterpret_cast<long *>(start)[i] = @@ -875,7 +875,7 @@ int Library::patchVSystemCalls() { // Only x86-64 has VSyscalls. if (maps_->vsyscall()) { char* copy = maps_->allocNearAddr(maps_->vsyscall(), 0x1000, - PROT_READ|PROT_WRITE); + PROT_READ|PROT_WRITE|PROT_EXEC); char* extraSpace = copy; int extraLength = 0x1000; memcpy(copy, maps_->vsyscall(), 0x1000); |