-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/26/2014 03:49 PM, Andrew Lutomirski wrote: > On Sun, Jan 26, 2014 at 12:38 PM, Richard W.M. Jones <rjones@xxxxxxxxxx> > wrote: >> Slightly OT, but is SELinux stopping programs from executing code at >> address zero? (And how can I stop it doing that?) >> >> JONESFORTH, a public domain FORTH I wrote, is written in x86 assembler >> and prefers to put its threaded interpreter at address 0. This worked >> fine before, but has now stopped working, and this is reported to be due >> to SELinux. > > IIRC, in new kernels, /proc/sys/vm/mmap_min_addr and MAC policy both have > to allow the mmap call. In older kernels, only one of them had to allow > it. > > Maybe some day SMAP-capable machines (e.g. Haswell, I think) will ignore > these settings entirely -- I think that SMAP covers all the cases that > mmap_min_addr was meant to pretect against. > > --Andy > setsebool -P mmap_low_allowed 1 Will turn off this protection from an SELinux point of view, although you should be careful with this. >> >> http://rwmj.wordpress.com/2010/08/07/jonesforth-git-repository/#comment-6591 >> >> >> >> Rich. >> >> -- Richard Jones, Virtualization Group, Red Hat >> http://people.redhat.com/~rjones virt-df lists disk usage of guests >> without needing to install any software inside the virtual machine. >> Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/ -- >> devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of >> Conduct: http://fedoraproject.org/code-of-conduct -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlLmfwEACgkQrlYvE4MpobOECwCfVZ5Q7fMjcYQQ/KHRZF2krmq3 07EAn0BUTIuX/i3WtlEd3MBaMXqpj5Xl =dnIj -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
