On Tue, 2009-07-21 at 17:09 +0100, Alan Cox wrote: > It's a really ugly problem that almost begs for better hardware > facilities (such as the multiple independent address spaces in some > processors) If only we knew someone who worked at intel..... *smile* Are you on board with the change I propose as long as I make the address space controlled by SELinux tunable instead of fixed at one page? Thus allowing one to maintain the status quo? Yeah, still sucks for non-selinux systems and wine, but at least there can be hardening against a non-root local authenticated user on a default fedora install... -Eric -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
