SELinux: fix regression caused by iterate_fd() introduction From: Pavel Roskin match_file() should not increment the file descriptor. iterate_fd() does it already. The bug was introduced in c3c073f808b22dfae15ef8412b6f7b998644139a. A curious side effect of the bug is that Mozilla Firefox would hang on Facebook if Adobe Flash plugin is enabled and SELinux is active. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=50401 Signed-off-by: Pavel Roskin --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 61a5336..ff27f2e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2090,7 +2090,7 @@ static int selinux_bprm_secureexec(struct linux_binprm *bprm) static int match_file(const void *p, struct file *file, unsigned fd) { - return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0; + return file_has_perm(p, file, file_to_av(file)) ? fd : 0; } /* Derived from fs/exec.c:flush_old_files. */