summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-01-31 15:11:22 -0500
committerJames Morris <jmorris@localhost.localdomain>2008-02-06 21:39:46 +0800
commita5ecbcb8c13ea8a822d243bf782d0dc9525b4f84 (patch)
tree902df830bf581642a49bbb1e4f4de5b9f80eeaa1 /security/security.c
parent551e4fb2465b87de9d4aa1669b27d624435443bb (diff)
downloadlwn-a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84.tar.gz
lwn-a5ecbcb8c13ea8a822d243bf782d0dc9525b4f84.zip
security: allow Kconfig to set default mmap_min_addr protection
Since it was decided that low memory protection from userspace couldn't be turned on by default add a Kconfig option to allow users/distros to set a default at compile time. This value is still tunable after boot in /proc/sys/vm/mmap_min_addr Discussion: http://www.mail-archive.com/linux-security-module@vger.kernel.org/msg02543.html Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/security/security.c b/security/security.c
index b6c57a6b2ff5..d15e56cbaade 100644
--- a/security/security.c
+++ b/security/security.c
@@ -23,7 +23,9 @@ extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);
struct security_operations *security_ops; /* Initialized to NULL */
-unsigned long mmap_min_addr; /* 0 means no protection */
+
+/* amount of vm to protect from userspace access */
+unsigned long mmap_min_addr = CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR;
static inline int verify(struct security_operations *ops)
{