diff options
-rw-r--r-- | include/linux/security.h | 7 | ||||
-rw-r--r-- | kernel/sysctl.c | 2 | ||||
-rw-r--r-- | mm/Kconfig | 1 | ||||
-rw-r--r-- | security/Makefile | 3 |
4 files changed, 12 insertions, 1 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 466cbadbd1ef..2c627d361c02 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -95,8 +95,13 @@ struct seq_file; | |||
95 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); | 95 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); |
96 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); | 96 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); |
97 | 97 | ||
98 | #ifdef CONFIG_MMU | ||
98 | extern unsigned long mmap_min_addr; | 99 | extern unsigned long mmap_min_addr; |
99 | extern unsigned long dac_mmap_min_addr; | 100 | extern unsigned long dac_mmap_min_addr; |
101 | #else | ||
102 | #define dac_mmap_min_addr 0UL | ||
103 | #endif | ||
104 | |||
100 | /* | 105 | /* |
101 | * Values used in the task_security_ops calls | 106 | * Values used in the task_security_ops calls |
102 | */ | 107 | */ |
@@ -121,6 +126,7 @@ struct request_sock; | |||
121 | #define LSM_UNSAFE_PTRACE 2 | 126 | #define LSM_UNSAFE_PTRACE 2 |
122 | #define LSM_UNSAFE_PTRACE_CAP 4 | 127 | #define LSM_UNSAFE_PTRACE_CAP 4 |
123 | 128 | ||
129 | #ifdef CONFIG_MMU | ||
124 | /* | 130 | /* |
125 | * If a hint addr is less than mmap_min_addr change hint to be as | 131 | * If a hint addr is less than mmap_min_addr change hint to be as |
126 | * low as possible but still greater than mmap_min_addr | 132 | * low as possible but still greater than mmap_min_addr |
@@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint) | |||
135 | } | 141 | } |
136 | extern int mmap_min_addr_handler(struct ctl_table *table, int write, | 142 | extern int mmap_min_addr_handler(struct ctl_table *table, int write, |
137 | void __user *buffer, size_t *lenp, loff_t *ppos); | 143 | void __user *buffer, size_t *lenp, loff_t *ppos); |
144 | #endif | ||
138 | 145 | ||
139 | #ifdef CONFIG_SECURITY | 146 | #ifdef CONFIG_SECURITY |
140 | 147 | ||
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 45e4bef0012a..856a24eadf7e 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
@@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = { | |||
1214 | .proc_handler = proc_dointvec_jiffies, | 1214 | .proc_handler = proc_dointvec_jiffies, |
1215 | }, | 1215 | }, |
1216 | #endif | 1216 | #endif |
1217 | #ifdef CONFIG_MMU | ||
1217 | { | 1218 | { |
1218 | .procname = "mmap_min_addr", | 1219 | .procname = "mmap_min_addr", |
1219 | .data = &dac_mmap_min_addr, | 1220 | .data = &dac_mmap_min_addr, |
@@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = { | |||
1221 | .mode = 0644, | 1222 | .mode = 0644, |
1222 | .proc_handler = mmap_min_addr_handler, | 1223 | .proc_handler = mmap_min_addr_handler, |
1223 | }, | 1224 | }, |
1225 | #endif | ||
1224 | #ifdef CONFIG_NUMA | 1226 | #ifdef CONFIG_NUMA |
1225 | { | 1227 | { |
1226 | .procname = "numa_zonelist_order", | 1228 | .procname = "numa_zonelist_order", |
diff --git a/mm/Kconfig b/mm/Kconfig index 43ea8c3a2bbf..ee9f3e0f2b69 100644 --- a/mm/Kconfig +++ b/mm/Kconfig | |||
@@ -221,6 +221,7 @@ config KSM | |||
221 | 221 | ||
222 | config DEFAULT_MMAP_MIN_ADDR | 222 | config DEFAULT_MMAP_MIN_ADDR |
223 | int "Low address space to protect from user allocation" | 223 | int "Low address space to protect from user allocation" |
224 | depends on MMU | ||
224 | default 4096 | 225 | default 4096 |
225 | help | 226 | help |
226 | This is the portion of low virtual memory which should be protected | 227 | This is the portion of low virtual memory which should be protected |
diff --git a/security/Makefile b/security/Makefile index bb44e350c618..da20a193c8dd 100644 --- a/security/Makefile +++ b/security/Makefile | |||
@@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack | |||
8 | subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo | 8 | subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo |
9 | 9 | ||
10 | # always enable default capabilities | 10 | # always enable default capabilities |
11 | obj-y += commoncap.o min_addr.o | 11 | obj-y += commoncap.o |
12 | obj-$(CONFIG_MMU) += min_addr.o | ||
12 | 13 | ||
13 | # Object file lists | 14 | # Object file lists |
14 | obj-$(CONFIG_SECURITY) += security.o capability.o | 15 | obj-$(CONFIG_SECURITY) += security.o capability.o |