On Tue, Dec 31, 2013 at 1:01 PM, Eric Paris <eparis(a)redhat.com> wrote:
I notice that on x86_64 we set
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
CONFIG_LSM_MMAP_MIN_ADDR=65536
I think we should be defaulting the DAC based protection to 64k as well
(or dropping the LSM value to 4k). I guess the Kconfig default is 4k
but testing when we wrote this feature said
ia64, ppc64 and x86 could safely be 64k
arm and maybe others should only be 32k
If it is safe to run with SELinux enforcing 64k it should be safe to run
with root/non-root enforcing 64k...
OK. I'll bump it to 64k on x86_64 with the next rawhide build I do.
josh