enable CONFIG_SECURITY_MMAP_MIN_ADDR

James Morris jmorris at namei.org
Thu Feb 14 22:32:50 UTC 2008


On Thu, 14 Feb 2008, Adam Jackson wrote:

> On Thu, 2008-02-14 at 11:09 -0500, Eric Paris wrote:
> > Looks like rawhide kernels now have the CONFIG_SECURITY_MMAP_MIN_ADDR
> > Kconfig option.  In the past I tried to get this enabled by default
> > using sysctl, a fedora kernel patch, and now I've got the Kconfig option
> > in the upstream kernel.  Lets set this equal to 65536.  I've been
> > running with this setting on my F8 laptop for some time and haven't seen
> > any problems (although I do know that dosemu may be an issue for both of
> > the people in the world who use it, there also may be some virt issues
> > that I don't know about but which can be very quickly and easily sorted
> > out)
> 
> Ack from me.  Both X and vbetool use x86emu instead of vm86 in F9, so I
> don't need vm86 mode to work.

Looks like SELinux policy provides the mmap_zero perm to 'xserver', which 
bypasses the check, and we should not need this now.


- James
-- 
James Morris <jmorris at namei.org>




More information about the Fedora-kernel-list mailing list