mmap_min_addr
Josh Boyer
jwboyer at fedoraproject.org
Mon Jan 6 21:14:00 UTC 2014
On Tue, Dec 31, 2013 at 1:01 PM, Eric Paris <eparis at redhat.com> wrote:
> I notice that on x86_64 we set
>
> CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
> CONFIG_LSM_MMAP_MIN_ADDR=65536
>
> I think we should be defaulting the DAC based protection to 64k as well
> (or dropping the LSM value to 4k). I guess the Kconfig default is 4k
> but testing when we wrote this feature said
>
> ia64, ppc64 and x86 could safely be 64k
> arm and maybe others should only be 32k
>
> If it is safe to run with SELinux enforcing 64k it should be safe to run
> with root/non-root enforcing 64k...
OK. I'll bump it to 64k on x86_64 with the next rawhide build I do.
josh
More information about the kernel
mailing list