diff options
author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-12 13:46:48 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-12 13:46:48 -0700 |
commit | bb50cbbd4beacd5ceda76c32fcb116c67fe8c66c (patch) | |
tree | d57fe1a7c4214afbaacbcc5fb62ea6a5e9169b3f /Documentation | |
parent | 702ed6ef375c19d65f2eeeefd3851476f2c4cee4 (diff) | |
parent | d4cf291526a74cc33d33700a35b74395eec812fd (diff) | |
download | op-kernel-dev-bb50cbbd4beacd5ceda76c32fcb116c67fe8c66c.zip op-kernel-dev-bb50cbbd4beacd5ceda76c32fcb116c67fe8c66c.tar.gz |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
security: unexport mmap_min_addr
SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel
security: Protection for exploiting null dereference using mmap
SELinux: Use %lu for inode->i_no when printing avc
SELinux: allow preemption between transition permission checks
selinux: introduce schedule points in policydb_destroy()
selinux: add selinuxfs structure for object class discovery
selinux: change sel_make_dir() to specify inode counter.
selinux: rename sel_remove_bools() for more general usage.
selinux: add support for querying object classes and permissions from the running policy
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/sysctl/vm.txt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/Documentation/sysctl/vm.txt b/Documentation/sysctl/vm.txt index 1d19256..8cfca17 100644 --- a/Documentation/sysctl/vm.txt +++ b/Documentation/sysctl/vm.txt @@ -31,6 +31,7 @@ Currently, these files are in /proc/sys/vm: - min_unmapped_ratio - min_slab_ratio - panic_on_oom +- mmap_min_address ============================================================== @@ -216,3 +217,17 @@ above-mentioned. The default value is 0. 1 and 2 are for failover of clustering. Please select either according to your policy of failover. + +============================================================== + +mmap_min_addr + +This file indicates the amount of address space which a user process will +be restricted from mmaping. Since kernel null dereference bugs could +accidentally operate based on the information in the first couple of pages +of memory userspace processes should not be allowed to write to them. By +default this value is set to 0 and no protections will be enforced by the +security module. Setting this value to something like 64k will allow the +vast majority of applications to work correctly and provide defense in depth +against future potential kernel bugs. + |