enable CONFIG_SECURITY_MMAP_MIN_ADDR
James Morris
jmorris at namei.org
Thu Feb 14 22:32:50 UTC 2008
On Thu, 14 Feb 2008, Adam Jackson wrote:
> On Thu, 2008-02-14 at 11:09 -0500, Eric Paris wrote:
> > Looks like rawhide kernels now have the CONFIG_SECURITY_MMAP_MIN_ADDR
> > Kconfig option. In the past I tried to get this enabled by default
> > using sysctl, a fedora kernel patch, and now I've got the Kconfig option
> > in the upstream kernel. Lets set this equal to 65536. I've been
> > running with this setting on my F8 laptop for some time and haven't seen
> > any problems (although I do know that dosemu may be an issue for both of
> > the people in the world who use it, there also may be some virt issues
> > that I don't know about but which can be very quickly and easily sorted
> > out)
>
> Ack from me. Both X and vbetool use x86emu instead of vm86 in F9, so I
> don't need vm86 mode to work.
Looks like SELinux policy provides the mmap_zero perm to 'xserver', which
bypasses the check, and we should not need this now.
- James
--
James Morris <jmorris at namei.org>
More information about the Fedora-kernel-list
mailing list