On Tue, Dec 31, 2013 at 1:01 PM, Eric Paris <eparis@xxxxxxxxxx> wrote: > I notice that on x86_64 we set > > CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 > CONFIG_LSM_MMAP_MIN_ADDR=65536 > > I think we should be defaulting the DAC based protection to 64k as well > (or dropping the LSM value to 4k). I guess the Kconfig default is 4k > but testing when we wrote this feature said > > ia64, ppc64 and x86 could safely be 64k > arm and maybe others should only be 32k > > If it is safe to run with SELinux enforcing 64k it should be safe to run > with root/non-root enforcing 64k... OK. I'll bump it to 64k on x86_64 with the next rawhide build I do. josh _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
