Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
WRONG. Flat wrong. There are differences in what is/was required when using SELinux and not using SELinux, but it was never ignored.
"The mainline now has a patch which causes the map_min_addr sysctl knob to always be in effect; this patch has also been put into the 188.8.131.52 and 184.108.40.206 updates"
This is true, but wrong in context. The knob causes mmap_min_addr to be applied with !CONFIG_SECURITY. But the whole paragraph was about having it set....
Posted Jul 21, 2009 22:06 UTC (Tue) by corbet (editor, #1)
Posted Jul 21, 2009 23:12 UTC (Tue) by eparis (subscriber, #33060)
I did try to specifically address the issue of the differences between SELinux and non-SELinux mmap_min_addr use in a blog I created today.
From the point of view of an authenticated and logged in user SELinux is doing a worse job and I clearly want to fix this. From the point of view of a remote attack or in light of people who run dumb things (run wine), SELinux was taking a better approach.
I'm hoping to fix those dumb things.
Posted Jul 23, 2009 2:45 UTC (Thu) by spender (subscriber, #23067)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds