On Sun, 19 Jul 2009, Christoph H?ger wrote: > > But for those that use the policy defaults i am sorry because they are > > (more) vulnerable to this issue, > > More? In what way can SELinux make you _more_ vulnerable? LSM are > stackable, right? So basically all SELinux could do is restrict access > and not allow access that already is denied by the dummy LSM, or not? Usually, but in this case, the problem is that SELinux (and this could happen to any LSM, really) allowed more access than the configured default. We want to be able to use MAC policy to allow applications to mmap low memory. There does not seem to be a really great solution which avoids the problem of then allowing more access than would otherwise be allowed. Consider, though, that you you wanted to run wine on a standard system, you would disable mmap_min_addr entirely for everything on the system. Most people will probably not need to do that and have it set at the normal value. Perhaps what we should do is never allow SELinux policy to reduce the protection level here, which would mean that if someone wants to allow an app to mmap low memory, they have to: a) disable protection globally via the sysctl b) then depend entirely on SELinux to enforce it except for domains with the mmap_zero permission So, IOW, the SELinux permission won't have any effect until the admin removes the "DAC" control globally. - James -- James Morris <jmorris@xxxxxxxxx> -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
