Commit e6a7b37d authored 11 years ago by Stephen Smalley Committed by Nick Kralevich 11 years ago

Restrict mapping low memory.


Label /proc/sys/vm/mmap_min_addr with proc_security to prevent
writing it by any domain other than init.  Also remove memprotect
mmap_zero permission from unconfineddomain so that it cannot pass
the SELinux check over mapping low memory.

Change-Id: Idc189feeb325a4aea26c93396fd0fa7225e79586
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

parent 95e0842e

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 1 addition and 1 deletion

Please register or to comment