diff options
Diffstat (limited to 'security/Kconfig')
| -rw-r--r-- | security/Kconfig | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig index d23c839038f0..9c60c346a91d 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -113,6 +113,22 @@ config SECURITY_ROOTPLUG | |||
| 113 | 113 | ||
| 114 | If you are unsure how to answer this question, answer N. | 114 | If you are unsure how to answer this question, answer N. |
| 115 | 115 | ||
| 116 | config LSM_MMAP_MIN_ADDR | ||
| 117 | int "Low address space for LSM to from user allocation" | ||
| 118 | depends on SECURITY && SECURITY_SELINUX | ||
| 119 | default 65535 | ||
| 120 | help | ||
| 121 | This is the portion of low virtual memory which should be protected | ||
| 122 | from userspace allocation. Keeping a user from writing to low pages | ||
| 123 | can help reduce the impact of kernel NULL pointer bugs. | ||
| 124 | |||
| 125 | For most ia64, ppc64 and x86 users with lots of address space | ||
| 126 | a value of 65536 is reasonable and should cause no problems. | ||
| 127 | On arm and other archs it should not be higher than 32768. | ||
| 128 | Programs which use vm86 functionality or have some need to map | ||
| 129 | this low address space will need the permission specific to the | ||
| 130 | systems running LSM. | ||
| 131 | |||
| 116 | source security/selinux/Kconfig | 132 | source security/selinux/Kconfig |
| 117 | source security/smack/Kconfig | 133 | source security/smack/Kconfig |
| 118 | source security/tomoyo/Kconfig | 134 | source security/tomoyo/Kconfig |