On Sat, Apr 12, 2008 at 01:51:54PM -0400, Bart Oldeman wrote: > Hi, > > you can check the value of > /proc/sys/vm/mmap_min_addr > and if it is non-zero, use > echo 0 > /proc/sys/vm/mmap_min_addr That's exactly it. Big thanks. Ivan > I am not sure what Ubuntu has been up to exactly: this is something > that only works with SELinux enabled in enforcing mode. > > This is the help: > +config SECURITY_DEFAULT_MMAP_MIN_ADDR > + int "Low address space to protect from user allocation" > + depends on SECURITY > + default 0 > + help > + This is the portion of low virtual memory which should be protected > + from userspace allocation. Keeping a user from writing to low pages > + can help reduce the impact of kernel NULL pointer bugs. > + > + For most users with lots of address space a value of 65536 is > + reasonable and should cause no problems. Programs which use vm86 > + functionality would either need additional permissions from either > + the LSM or the capabilities module or have this protection disabled. > + > + This value can be changed after boot using the > + /proc/sys/vm/mmap_min_addr tunable. > + > + > > I am not sure how to give DOSEMU special permission -- maybe you could > ask Ubuntu kernel maintainers about why they changed mmap_min_addr? > > (o and this is speculation on my part, perhaps there is a different > problem in which case I don't know). > > Bart -- To unsubscribe from this list: send the line "unsubscribe linux-msdos" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
