A question about allow_unconfined_mmap_low in f11 amd selinux

Mike Cloaked mike.cloaked at gmail.com
Thu Nov 5 19:32:38 UTC 2009


Mike Cloaked <mike.cloaked <at> gmail.com> writes:

> 
> Daniel J Walsh <dwalsh <at> redhat.com> writes:
> 
> > 
> > On 11/04/2009 10:23 AM, mike cloaked wrote:
> 
> > > By "moving forward" do you mean that one can, in f11, reset the
> > > original boolean and set boolean mmap_low_allowed instead, in a
> > > forthcoming policy update?
> > > 
> > > Or is this a planned change coming for f12 but not yet policy in
> > > earlier versions?
> > > 
> > > Thanks
> > > 
> > > We have setroubleshoot plugins that explain exactly to the users what
> > > they need to do to make their wine apps run.
> > 
> 
> Does the dereference fix in kernel-2.6.30.9-96.fc11 address the issue raised 
> here or have I got this wrong?
> 

I am somewhat confused by the following - I thought that if mmap_min_addr
was >0 then you are not vulnerable.  I also thought that installing wine, OR
Crossover would set it to zero.  

I have Crossover installed and not wine, and just checked:
[mike@home1 ~]$ cat /proc/sys/vm/mmap_min_addr
65536

This is an f11 box.  I also set the boolean by doing
# setsebool -P allow_unconfined_mmap_low 1

Now I have lost track of whether this means I am vulnerable or not.
I understand that installing wine would set mmap_min_addr to zero and make the
machine vulnerable, but can someone clarify so that I am no longer confused?

Thanks.





