Something went wrong on our end
-
Stephen Smalley authoredLabel /proc/sys/vm/mmap_min_addr with proc_security to prevent writing it by any domain other than init. Also remove memprotect mmap_zero permission from unconfineddomain so that it cannot pass the SELinux check over mapping low memory. Change-Id: Idc189feeb325a4aea26c93396fd0fa7225e79586 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredLabel /proc/sys/vm/mmap_min_addr with proc_security to prevent writing it by any domain other than init. Also remove memprotect mmap_zero permission from unconfineddomain so that it cannot pass the SELinux check over mapping low memory. Change-Id: Idc189feeb325a4aea26c93396fd0fa7225e79586 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>