author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-12 16:46:48 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-12 16:46:48 -0400 |
commit | bb50cbbd4beacd5ceda76c32fcb116c67fe8c66c (patch) | |
tree | d57fe1a7c4214afbaacbcc5fb62ea6a5e9169b3f /Documentation | |
parent | 702ed6ef375c19d65f2eeeefd3851476f2c4cee4 (diff) | |
parent | d4cf291526a74cc33d33700a35b74395eec812fd (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
security: unexport mmap_min_addr
SELinux: use SECINITSID_NETMSG instead of SECINITSID_UNLABELED for NetLabel
security: Protection for exploiting null dereference using mmap
SELinux: Use %lu for inode->i_no when printing avc
SELinux: allow preemption between transition permission checks
selinux: introduce schedule points in policydb_destroy()
selinux: add selinuxfs structure for object class discovery
selinux: change sel_make_dir() to specify inode counter.
selinux: rename sel_remove_bools() for more general usage.
selinux: add support for querying object classes and permissions from the running policy
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/sysctl/vm.txt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/Documentation/sysctl/vm.txt b/Documentation/sysctl/vm.txt index 1d192565e182..8cfca173d4bc 100644 --- a/Documentation/sysctl/vm.txt +++ b/Documentation/sysctl/vm.txt | |||
@@ -31,6 +31,7 @@ Currently, these files are in /proc/sys/vm: | |||
31 | - min_unmapped_ratio | 31 | - min_unmapped_ratio |
32 | - min_slab_ratio | 32 | - min_slab_ratio |
33 | - panic_on_oom | 33 | - panic_on_oom |
34 | - mmap_min_address | ||
34 | 35 | ||
35 | ============================================================== | 36 | ============================================================== |
36 | 37 | ||
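Review bot: The index entry added at new line 34 reads "mmap_min_address", but the section this same patch adds at new line 223 is headed "mmap_min_addr", and the merge summary also uses that spelling ("security: unexport mmap_min_addr"). A reader going from the list of files in /proc/sys/vm to the description will not find a matching heading. Change the list entry to "- mmap_min_addr" so the index and the section agree.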
@@ -216,3 +217,17 @@ above-mentioned. | |||
216 | The default value is 0. | 217 | The default value is 0. |
217 | 1 and 2 are for failover of clustering. Please select either | 218 | 1 and 2 are for failover of clustering. Please select either |
218 | according to your policy of failover. | 219 | according to your policy of failover. |
220 | |||
221 | ============================================================== | ||
222 | |||
223 | mmap_min_addr | ||
224 | |||
225 | This file indicates the amount of address space which a user process will | ||
226 | be restricted from mmaping. Since kernel null dereference bugs could | ||
227 | accidentally operate based on the information in the first couple of pages | ||
228 | of memory userspace processes should not be allowed to write to them. By | ||
229 | default this value is set to 0 and no protections will be enforced by the | ||
230 | security module. Setting this value to something like 64k will allow the | ||
231 | vast majority of applications to work correctly and provide defense in depth | ||
232 | against future potential kernel bugs. | ||
233 | |||
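Review bot: The description at new lines 225-232 never states the unit of the value. "the amount of address space" and "something like 64k" leave the reader to guess what number to write to the file, so the text should name the unit and give the literal value that corresponds to 64k. It would also help to say outright that it is mappings below this address that are refused, since "amount of address space which a user process will be restricted from mmaping" can be read as a quota rather than a lower bound. "the security module" at line 230 should say which module or configuration has to be active for the limit to be enforced, because with the default of 0 the reader has no way to tell from this text whether setting the value alone is enough. Minor: "mmaping" should be "mmapping", and line 228 needs a comma after "of memory".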