aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/Kconfig22
-rw-r--r--security/security.c3
2 files changed, 1 insertions, 24 deletions
diff --git a/security/Kconfig b/security/Kconfig
index bb244774e9d7..d23c839038f0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -110,28 +110,8 @@ config SECURITY_ROOTPLUG
110 110
111 See <http://www.linuxjournal.com/article.php?sid=6279> for 111 See <http://www.linuxjournal.com/article.php?sid=6279> for
112 more information about this module. 112 more information about this module.
113
114 If you are unsure how to answer this question, answer N.
115
116config SECURITY_DEFAULT_MMAP_MIN_ADDR
117 int "Low address space to protect from user allocation"
118 depends on SECURITY
119 default 0
120 help
121 This is the portion of low virtual memory which should be protected
122 from userspace allocation. Keeping a user from writing to low pages
123 can help reduce the impact of kernel NULL pointer bugs.
124
125 For most ia64, ppc64 and x86 users with lots of address space
126 a value of 65536 is reasonable and should cause no problems.
127 On arm and other archs it should not be higher than 32768.
128 Programs which use vm86 functionality would either need additional
129 permissions from either the LSM or the capabilities module or have
130 this protection disabled.
131
132 This value can be changed after boot using the
133 /proc/sys/vm/mmap_min_addr tunable.
134 113
114 If you are unsure how to answer this question, answer N.
135 115
136source security/selinux/Kconfig 116source security/selinux/Kconfig
137source security/smack/Kconfig 117source security/smack/Kconfig
diff --git a/security/security.c b/security/security.c
index 5284255c5cdf..dc7674fbfc7a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -26,9 +26,6 @@ extern void security_fixup_ops(struct security_operations *ops);
26 26
27struct security_operations *security_ops; /* Initialized to NULL */ 27struct security_operations *security_ops; /* Initialized to NULL */
28 28
29/* amount of vm to protect from userspace access */
30unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
31
32static inline int verify(struct security_operations *ops) 29static inline int verify(struct security_operations *ops)
33{ 30{
34 /* verify the security_operations structure exists */ 31 /* verify the security_operations structure exists */