linux/mm
Eric Paris 788084aba2 Security/SELinux: seperate lsm specific mmap_min_addr
Currently SELinux enforcement of controls on the ability to map low memory
is determined by the mmap_min_addr tunable.  This patch causes SELinux to
ignore the tunable and instead use a seperate Kconfig option specific to how
much space the LSM should protect.

The tunable will now only control the need for CAP_SYS_RAWIO and SELinux
permissions will always protect the amount of low memory designated by
CONFIG_LSM_MMAP_MIN_ADDR.

This allows users who need to disable the mmap_min_addr controls (usual reason
being they run WINE as a non-root user) to do so and still have SELinux
controls preventing confined domains (like a web server) from being able to
map some area of low memory.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-08-17 15:09:11 +10:00
..
allocpercpu.c
backing-dev.c Fix congestion_wait() sync/async vs read/write confusion 2009-07-10 20:31:53 +02:00
bootmem.c kmemleak: Add callbacks to the bootmem allocator 2009-07-08 14:25:14 +01:00
bounce.c
debug-pagealloc.c
dmapool.c
fadvise.c
failslab.c
filemap_xip.c
filemap.c mm: mark page accessed before we write_end() 2009-07-06 13:57:03 -07:00
fremap.c
highmem.c
hugetlb.c hugetlbfs: fix i_blocks accounting 2009-07-29 19:10:35 -07:00
init-mm.c
internal.h
Kconfig Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-17 15:09:11 +10:00
Kconfig.debug
kmemcheck.c
kmemleak-test.c
kmemleak.c kmemleak: Protect the seq start/next/stop sequence by rcu_read_lock() 2009-07-29 12:34:58 -07:00
maccess.c
madvise.c
Makefile
memcontrol.c cgroup avoid permanent sleep at rmdir 2009-07-29 19:10:35 -07:00
memory_hotplug.c
memory.c mm: Pass virtual address to [__]p{te,ud,md}_free_tlb() 2009-07-27 12:10:38 -07:00
mempolicy.c mm: make set_mempolicy(MPOL_INTERLEAV) N_HIGH_MEMORY aware 2009-08-07 10:39:55 -07:00
mempool.c mempool.c: clean up type-casting 2009-08-10 08:31:16 -07:00
migrate.c
mincore.c
mlock.c
mm_init.c
mmap.c Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-17 15:09:11 +10:00
mmu_notifier.c
mmzone.c
mprotect.c
mremap.c
msync.c
nommu.c Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-17 15:09:11 +10:00
oom_kill.c
page_alloc.c page-allocator: allow too high-order warning messages to be suppressed with __GFP_NOWARN 2009-07-29 19:10:35 -07:00
page_cgroup.c
page_io.c
page_isolation.c
page-writeback.c Fix congestion_wait() sync/async vs read/write confusion 2009-07-10 20:31:53 +02:00
pagewalk.c
pdflush.c
percpu.c
prio_tree.c
quicklist.c
readahead.c
rmap.c
shmem_acl.c
shmem.c
slab.c
slob.c
slub.c kmemleak: Trace the kmalloc_large* functions in slub 2009-07-08 14:25:14 +01:00
sparse-vmemmap.c
sparse.c
swap_state.c
swap.c
swapfile.c PM / Hibernate: Replace bdget call with simple atomic_inc of i_count 2009-07-29 21:07:55 +02:00
thrash.c
truncate.c
util.c
vmalloc.c
vmscan.c Fix congestion_wait() sync/async vs read/write confusion 2009-07-10 20:31:53 +02:00
vmstat.c