I notice that on x86_64 we set
I think we should be defaulting the DAC-based protection to 64k as well
(or dropping the LSM value to 4k). I guess the Kconfig default is 4k
but testing when we wrote this feature said:
  ia64, ppc64 and x86 could safely be 64k
  arm and maybe others should only be 32k
If it is safe to run with SELinux enforcing 64k it should be safe to run
with root/non-root enforcing 64k...