LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Low-memory mapping - core fixes

Low-memory mapping - core fixes

Posted Aug 20, 2009 1:44 UTC (Thu) by jamesmrh (guest, #31622)
Parent article: In brief

FYI, these changes are currently being merged into F11 and F10 (rawhide will pick them up automatically), and new kernels should be out v. soon.

Addressing this at the design level produces the most flexible result:

- the sysctl (mmap_min_addr) cannot be overridden at all by MAC security policy (e.g. SELinux)

- it can only be overridden with CAP_SYS_RAWIO

- if the sysctl is disabled to allow e.g. wine to run, MAC security policy can be used to add further restrictions to ensure that only wine can perform the mapping, and nothing else. i.e. running wine does not mean degrading security for the entire system.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds