> Just to clarify, the problem arises from the policy shipped in RHEL5, not
> in SELinux itself.
I had the impression from previous LWN articles that there was also a bug or, at least, an "unintended feature" in the LSM infrastructure (not specifically SELinux, then), which disabled the normal Linux checking for minimum mmap-able address when an LSM was installed.
So one *aspect* of the problem is affected by the presence of SELinux (or other LSMs), even though SELinux itself may not contain the bug. Is that correct too?