This needs a fixed toolchain, and a userspace rebuild to work.

For these reasons, it's had difficulty getting upstream.

ie, Fedora has a new enough toolchain, and has been rebuilt, so we don't need

the ifdefs.  Other distros don't/haven't, and this patch would break them

if pushed upstream.

--- linux-2.6.26.noarch/security/selinux/hooks.c~	2008-09-25 14:11:17.000000000 -0400

+++ linux-2.6.26.noarch/security/selinux/hooks.c	2008-09-25 14:12:17.000000000 -0400

@@ -3018,7 +3018,6 @@ static int file_map_prot_check(struct fi

 	const struct cred *cred = current_cred();

 	int rc = 0;

-#ifndef CONFIG_PPC32

 	if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {

 		/*

 		 * We are making executable an anonymous mapping or a

@@ -3029,7 +3028,6 @@ static int file_map_prot_check(struct fi

 		if (rc)

 			goto error;

 	}

-#endif

 	if (file) {

 		/* read access is always possible with a mapping */

@@ -3024,7 +3022,6 @@ static int selinux_file_mprotect(struct 

 	if (selinux_checkreqprot)

 		prot = reqprot;

-#ifndef CONFIG_PPC32

 	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {

 		rc = 0;

 		if (vma->vm_start >= vma->vm_mm->start_brk &&

@@ -3049,7 +3046,6 @@ static int selinux_file_mprotect(struct 

 		if (rc)

 			return rc;

 	}

-#endif

 	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);

 }