Bug 512638

Summary: kernel: security: use mmap_min_addr independently of security models [rhel-5.4]
Product: Red Hat Enterprise Linux 5 Reporter: Eugene Teo (Security Response) <eteo>
Component: kernelAssignee: Vitaly Mayatskikh <vmayatsk>
Status: CLOSED WONTFIX QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: high Docs Contact:
Priority: high    
Version: 5.4CC: dzickus, eparis, jmorris, jpirko, jskrabal, lwang, pankaj_behl, security-response-team
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 512641 512642 512643 (view as bug list) Environment:
Last Closed: 2009-07-27 05:39:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 508842    
Bug Blocks: 512641, 512642, 512643    

Description Eugene Teo (Security Response) 2009-07-20 05:49:21 UTC 
Description of problem:
This patch removes the dependency of mmap_min_addr on CONFIG_SECURITY. It also sets a default mmap_min_addr of 4096.

mmapping of addresses below 4096 will only be possible for processes with CAP_SYS_RAWIO.

Upstream commit:
http://git.kernel.org/linus/e0a94c2a63f2644826069044649669b5e7ca75d3
Comment 1 Eric Paris 2009-07-20 17:28:21 UTC 
NAK, this is useless for RHEL.  We already build with CONFIG_SECURITY (selinux=0 does not change this)

This patch is a waste of time and fixes nothing.
Comment 2 Eugene Teo (Security Response) 2009-07-27 05:39:18 UTC 
As per comment #1.