On Sun, Jan 26, 2014 at 12:38 PM, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote: > Slightly OT, but is SELinux stopping programs from executing code at > address zero? (And how can I stop it doing that?) > > JONESFORTH, a public domain FORTH I wrote, is written in x86 assembler > and prefers to put its threaded interpreter at address 0. This worked > fine before, but has now stopped working, and this is reported to be > due to SELinux. IIRC, in new kernels, /proc/sys/vm/mmap_min_addr and MAC policy both have to allow the mmap call. In older kernels, only one of them had to allow it. Maybe some day SMAP-capable machines (e.g. Haswell, I think) will ignore these settings entirely -- I think that SMAP covers all the cases that mmap_min_addr was meant to pretect against. --Andy > > http://rwmj.wordpress.com/2010/08/07/jonesforth-git-repository/#comment-6591 > > > Rich. > > -- > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones > virt-df lists disk usage of guests without needing to install any > software inside the virtual machine. Supports Linux and Windows. > http://people.redhat.com/~rjones/virt-df/ > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
