diff options
Diffstat (limited to 'security/Kconfig')
-rw-r--r-- | security/Kconfig | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig index d23c839038f0..4c865345caa0 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
@@ -113,6 +113,22 @@ config SECURITY_ROOTPLUG | |||
113 | 113 | ||
114 | If you are unsure how to answer this question, answer N. | 114 | If you are unsure how to answer this question, answer N. |
115 | 115 | ||
116 | config LSM_MMAP_MIN_ADDR | ||
117 | int "Low address space for LSM to protect from user allocation" | ||
118 | depends on SECURITY && SECURITY_SELINUX | ||
119 | default 65536 | ||
120 | help | ||
121 | This is the portion of low virtual memory which should be protected | ||
122 | from userspace allocation. Keeping a user from writing to low pages | ||
123 | can help reduce the impact of kernel NULL pointer bugs. | ||
124 | |||
125 | For most ia64, ppc64 and x86 users with lots of address space | ||
126 | a value of 65536 is reasonable and should cause no problems. | ||
127 | On arm and other archs it should not be higher than 32768. | ||
128 | Programs which use vm86 functionality or have some need to map | ||
129 | this low address space will need the permission specific to the | ||
130 | systems running LSM. | ||
131 | |||
116 | source security/selinux/Kconfig | 132 | source security/selinux/Kconfig |
117 | source security/smack/Kconfig | 133 | source security/smack/Kconfig |
118 | source security/tomoyo/Kconfig | 134 | source security/tomoyo/Kconfig |