+++ This bug was initially created as a clone of Bug #511143 +++
I have a fix for this in selinux-policy-2.4.6-252.el5
--- Additional comment from eteo on 2009-07-17 06:53:30 EDT ---
The default SELinux policy allows processes in the unconfined domains to map low memory in the kernel. We are updating the selinux-policy package to allow the user to set the allow_unconfined_mmap_low boolean, and to prevent unconfined_t from being able to map low memory in the kernel. No Relabel or Reboot required.