On Thu, 28 Jun 2007 08:12:48 -0400 (EDT) James Morris <[email protected]> wrote:
> > My fix:
>
> This should work.
>
uh, OK, surprised.
Completer version:
--- a/security/selinux/hooks.c~git-selinux-disable-mmap_min_addr-by-default
+++ a/security/selinux/hooks.c
@@ -112,9 +112,6 @@ int selinux_enabled = 1;
/* Original (dummy) security module. */
static struct security_operations *original_ops = NULL;
-/* Did we enable minimum mmap address checking? */
-static int enabled_mmap_min_addr;
-
/* Minimal support for a secondary security module,
just to allow the use of the dummy or capability modules.
The owlsm module can alternatively be used as a secondary
@@ -4917,15 +4914,6 @@ static __init int selinux_init(void)
sizeof(struct inode_security_struct),
0, SLAB_PANIC, NULL, NULL);
- /*
- * Tasks cannot mmap below this without the mmap_zero permission.
- * If not enabled already, do so by setting it to 64KB.
- */
- if (mmap_min_addr == 0) {
- enabled_mmap_min_addr = 1;
- mmap_min_addr = 65536;
- }
-
avc_init();
original_ops = secondary_ops = security_ops;
@@ -5076,10 +5064,6 @@ int selinux_disable(void)
selinux_disabled = 1;
selinux_enabled = 0;
- /* Disable minimum mmap address check only if we enabled it */
- if (enabled_mmap_min_addr)
- mmap_min_addr = 0;
-
/* Reset security_ops to the secondary module, dummy or capability. */
security_ops = secondary_ops;
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
