Red Hat Bugzilla – Bug 512605
selinux policy allows addr 0 mappings by default
Last modified: 2013-03-13 01:45:43 EDT
+++ This bug was initially created as a clone of Bug #511143 +++
I have a fix for this in selinux-policy-2.4.6-252.el5
--- Additional comment from email@example.com on 2009-07-17 06:53:30 EDT ---
The default SELinux policy allows processes in the unconfined domains to map low memory in the kernel. We are updating the selinux-policy package to allow the user to set the allow_unconfined_mmap_low boolean, and to prevent unconfined_t from being able to map low memory in the kernel. No relabel or reboot required.
Fixed in selinux-policy-3.6.22-2.fc12
I think you should push the policy update to Fedora 11 and Fedora 10 as well.
Miroslav is preparing updates for F10 and F11.