> But, for unknown reasons, the mmap() code in the 2.6.30 kernel
> explicitly declines to enforce mmap_min_addr if the security module
> mechanism has been configured into the kernel. That job, instead, is
> left to the specific security module being used.
There are plenty of systems where CONFIG_SECURITY_SELINUX is set, but
where selinux is either not installed or not activated.
So if the quoted text is correct, then all those systems would be missing
an apparently useful (basic?) security check. Or is the text imprecise
and does the kernel check if a security module is active before ignoring