[stable/linux-6.6.y 0/3] Backport Fix incorrect overlayfs mmap() and mprotect() LSM access controls
From: Cai Xinchen <hidden>
Date: 2026-06-22 02:47:37
Also in:
bpf, linux-fsdevel, linux-unionfs, lkml, selinux
Backport the patch series "Fix incorrect overlayfs mmap() and mprotect() LSM access controls" [1] to 6.6 lts I test selinux-testsuite[2] overlay test, it pass 135 tests. [1] https://lore.kernel.org/all/20260403030848.731867-5-paul@paul-moore.com/ (local) [2] https://github.com/SELinuxProject/selinux-testsuite Amir Goldstein (1): fs: prepare for adding LSM blob to backing_file Paul Moore (2): lsm: add backing_file LSM hooks selinux: fix overlayfs mmap() and mprotect() access checks fs/file_table.c | 41 ++++- fs/internal.h | 3 +- fs/open.c | 7 +- fs/overlayfs/file.c | 8 +- include/linux/fs.h | 15 +- include/linux/lsm_audit.h | 2 +- include/linux/lsm_hook_defs.h | 5 + include/linux/lsm_hooks.h | 1 + include/linux/security.h | 22 +++ security/security.c | 110 ++++++++++++++ security/selinux/hooks.c | 242 ++++++++++++++++++++++-------- security/selinux/include/objsec.h | 11 ++ 12 files changed, 394 insertions(+), 73 deletions(-) -- 2.18.0.huawei.25