X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=security%2FKconfig;h=62ed4717d334f3f10de514aa4b9e088f4b2ca827;hb=e7849f16c13476288fe4fbd420975e8456c75aa0;hp=25ffe1b9dc98467d7be1ec373c7024f246172e0b;hpb=b297d520b9af536d5580ac505dd316be4cf5560c;p=pandora-kernel.git diff --git a/security/Kconfig b/security/Kconfig index 25ffe1b9dc98..62ed4717d334 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -73,17 +73,9 @@ config SECURITY_NETWORK_XFRM IPSec. If you are unsure how to answer this question, answer N. -config SECURITY_CAPABILITIES - bool "Default Linux Capabilities" - depends on SECURITY - default y - help - This enables the "default" Linux capabilities functionality. - If you are unsure how to answer this question, answer Y. - config SECURITY_FILE_CAPABILITIES bool "File POSIX Capabilities (EXPERIMENTAL)" - depends on (SECURITY=n || SECURITY_CAPABILITIES!=n) && EXPERIMENTAL + depends on EXPERIMENTAL default n help This enables filesystem capabilities, allowing you to give @@ -104,6 +96,26 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. +config SECURITY_DEFAULT_MMAP_MIN_ADDR + int "Low address space to protect from user allocation" + depends on SECURITY + default 0 + help + This is the portion of low virtual memory which should be protected + from userspace allocation. Keeping a user from writing to low pages + can help reduce the impact of kernel NULL pointer bugs. + + For most ia64, ppc64 and x86 users with lots of address space + a value of 65536 is reasonable and should cause no problems. + On arm and other archs it should not be higher than 32768. + Programs which use vm86 functionality would either need additional + permissions from either the LSM or the capabilities module or have + this protection disabled. + + This value can be changed after boot using the + /proc/sys/vm/mmap_min_addr tunable. + + source security/selinux/Kconfig source security/smack/Kconfig