security: set DEFAULT_MMAP_MIN_ADDR to 65536
Low address space to protect from user allocation, see a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84, runtime tunable on /proc/sys/vm/mmap_min_addr. let's see if we get any fallout. double checked after Kconfig recommendation that fedora uses that recommendation too. svn path=/dists/trunk/linux-2.6/; revision=10769
This commit is contained in:
parent
46582e70ae
commit
38c07b2271
|
@ -30,6 +30,8 @@ linux-2.6 (2.6.25~rc5-1~experimental.1) UNRELEASED; urgency=low
|
|||
* Tighten yaird dependency. (closes: #403171)
|
||||
* Configs general cleanup, centralize USB_NET, disable IRDA_DEBUG.
|
||||
* postinst: Nuke confusing postinst message. (closes: #465512)
|
||||
* [SECURITY]: Set DEFAULT_MMAP_MIN_ADDR to 65536 enabling low address space
|
||||
protection from user allocation - /proc/sys/vm/mmap_min_addr tunable.
|
||||
|
||||
[ Martin Michlmayr ]
|
||||
* [arm/armel] Add a kernel for Orion based devices, such as the QNAP
|
||||
|
|
|
@ -1872,6 +1872,7 @@ CONFIG_SECURITY=y
|
|||
CONFIG_SECURITY_CAPABILITIES=y
|
||||
CONFIG_SECURITY_FILE_CAPABILITIES=y
|
||||
# CONFIG_SECURITY_ROOTPLUG is not set
|
||||
CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536
|
||||
CONFIG_SECURITY_SELINUX=y
|
||||
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
|
||||
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
|
||||
|
|
Loading…
Reference in New Issue