diff options
Diffstat (limited to 'security/Kconfig')
-rw-r--r-- | security/Kconfig | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig index 25ffe1b9dc98..5dfc206748cf 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
@@ -104,6 +104,24 @@ config SECURITY_ROOTPLUG | |||
104 | 104 | ||
105 | If you are unsure how to answer this question, answer N. | 105 | If you are unsure how to answer this question, answer N. |
106 | 106 | ||
107 | config SECURITY_DEFAULT_MMAP_MIN_ADDR | ||
108 | int "Low address space to protect from user allocation" | ||
109 | depends on SECURITY | ||
110 | default 0 | ||
111 | help | ||
112 | This is the portion of low virtual memory which should be protected | ||
113 | from userspace allocation. Keeping a user from writing to low pages | ||
114 | can help reduce the impact of kernel NULL pointer bugs. | ||
115 | |||
116 | For most users with lots of address space a value of 65536 is | ||
117 | reasonable and should cause no problems. Programs which use vm86 | ||
118 | functionality would either need additional permissions from either | ||
119 | the LSM or the capabilities module or have this protection disabled. | ||
120 | |||
121 | This value can be changed after boot using the | ||
122 | /proc/sys/vm/mmap_min_addr tunable. | ||
123 | |||
124 | |||
107 | source security/selinux/Kconfig | 125 | source security/selinux/Kconfig |
108 | source security/smack/Kconfig | 126 | source security/smack/Kconfig |
109 | 127 | ||