linux/security
Eric Paris a2551df7ec Security/SELinux: seperate lsm specific mmap_min_addr
Currently SELinux enforcement of controls on the ability to map low memory
is determined by the mmap_min_addr tunable.  This patch causes SELinux to
ignore the tunable and instead use a seperate Kconfig option specific to how
much space the LSM should protect.

The tunable will now only control the need for CAP_SYS_RAWIO and SELinux
permissions will always protect the amount of low memory designated by
CONFIG_LSM_MMAP_MIN_ADDR.

This allows users who need to disable the mmap_min_addr controls (usual reason
being they run WINE as a non-root user) to do so and still have SELinux
controls preventing confined domains (like a web server) from being able to
map some area of low memory.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-08-06 09:02:23 +10:00
..
integrity/ima integrity: add ima_counts_put (updated) 2009-06-29 08:59:10 +10:00
keys kernel: rename is_single_threaded(task) to current_is_single_threaded(void) 2009-07-17 09:10:42 +10:00
selinux Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-06 09:02:23 +10:00
smack security/smack: Use AF_INET for sin_family field 2009-08-06 08:46:15 +10:00
tomoyo TOMOYO: Remove next_domain from tomoyo_find_next_domain(). 2009-06-19 18:48:18 +10:00
capability.c Capabilities: move cap_file_mmap to commoncap.c 2009-08-06 09:02:17 +10:00
commoncap.c Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-06 09:02:23 +10:00
device_cgroup.c devcgroup: skip superfluous checks when found the DEV_ALL elem 2009-06-18 13:03:47 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
Kconfig Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-06 09:02:23 +10:00
lsm_audit.c
Makefile Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-06 09:02:23 +10:00
min_addr.c Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-06 09:02:23 +10:00
root_plug.c rootplug: Remove redundant initialization. 2009-05-27 13:30:46 +10:00
security.c security: rename ptrace_may_access => ptrace_access_check 2009-06-25 00:18:05 +10:00