From 788084aba2ab7348257597496befcbccabdc98a3 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 31 Jul 2009 12:54:11 -0400 Subject: Security/SELinux: separate lsm specific mmap_min_addr Currently SELinux enforcement of controls on the ability to map low memory is determined by the mmap_min_addr tunable. This patch causes SELinux to ignore the tunable and instead use a separate Kconfig option specific to how much space the LSM should protect. The tunable will now only control the need for CAP_SYS_RAWIO and SELinux permissions will always protect the amount of low memory designated by CONFIG_LSM_MMAP_MIN_ADDR. This allows users who need to disable the mmap_min_addr controls (usual reason being they run WINE as a non-root user) to do so and still have SELinux controls preventing confined domains (like a web server) from being able to map some area of low memory. Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/Kconfig | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'security/Kconfig') diff --git a/security/Kconfig b/security/Kconfig index d23c839..9c60c34 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -113,6 +113,22 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. +config LSM_MMAP_MIN_ADDR + int "Low address space for LSM to from user allocation" + depends on SECURITY && SECURITY_SELINUX + default 65535 + help + This is the portion of low virtual memory which should be protected + from userspace allocation. Keeping a user from writing to low pages + can help reduce the impact of kernel NULL pointer bugs. + + For most ia64, ppc64 and x86 users with lots of address space + a value of 65536 is reasonable and should cause no problems. + On arm and other archs it should not be higher than 32768. + Programs which use vm86 functionality or have some need to map + this low address space will need the permission specific to the + systems running LSM. + source security/selinux/Kconfig source security/smack/Kconfig source security/tomoyo/Kconfig -- cgit v1.1 From a58578e47f004017cf47803ad372490806630e58 Mon Sep 17 00:00:00 2001 From: Dave Jones Date: Tue, 18 Aug 2009 13:47:37 -0400 Subject: security: Make LSM_MMAP_MIN_ADDR default match its help text. Commit 788084aba2ab7348257597496befcbccabdc98a3 added the LSM_MMAP_MIN_ADDR option, whose help text states "For most ia64, ppc64 and x86 users with lots of address space a value of 65536 is reasonable and should cause no problems." Which implies that its default setting was typoed. Signed-off-by: Dave Jones Acked-by: Eric Paris Signed-off-by: James Morris --- security/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/Kconfig') diff --git a/security/Kconfig b/security/Kconfig index 9c60c34..bba9268 100644 --- a/security/Kconfig +++ b/security/Kconfig
@@ -116,7 +116,7 @@ config SECURITY_ROOTPLUG config LSM_MMAP_MIN_ADDR int "Low address space for LSM to from user allocation" depends on SECURITY && SECURITY_SELINUX - default 65535 + default 65536 help This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages -- cgit v1.1 From 024e6cb408307de41cbfcb1e5a170d9af60ab2a9 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Tue, 18 Aug 2009 22:14:29 +0200 Subject: security: Fix prompt for LSM_MMAP_MIN_ADDR Fix prompt for LSM_MMAP_MIN_ADDR. (Verbs are cool!) Signed-off-by: Andreas Schwab Acked-by: Eric Paris Signed-off-by: James Morris --- security/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/Kconfig') diff --git a/security/Kconfig b/security/Kconfig index bba9268..4c86534 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -114,7 +114,7 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. config LSM_MMAP_MIN_ADDR - int "Low address space for LSM to from user allocation" + int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX default 65536 help -- cgit v1.1
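
Review bot: `default 65535` in the new `config LSM_MMAP_MIN_ADDR` entry (first patch, 788084a) disagrees with the entry's own help text, which recommends 65536 for ia64, ppc64 and x86, and 65535 is not page-aligned; use `default 65536`. In the same hunk the prompt string "Low address space for LSM to from user allocation" is missing its verb, and the closing help sentence ("the permission specific to the systems running LSM") would be clearer if it named the SELinux permission a confined domain actually needs.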
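
Review bot: The single `default 65536` in the second patch (a58578e) still applies on every architecture, while the option's help text says the value should not be higher than 32768 on arm and other archs. Consider arch-conditional defaults, for example `default 32768 if ARM` placed ahead of `default 65536`, so that accepting the default does not exceed the limit the help text gives for those systems.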
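
Review bot: The corrected prompt "Low address space for LSM to protect from user allocation" in the third patch (024e6cb) still reads as a setting for any LSM, but the context line `depends on SECURITY && SECURITY_SELINUX` makes the option SELinux-only. Either name SELinux in the prompt or state in the help text that only SELinux uses this value, so a reader does not assume other LSMs enforce it.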