2023-07-18 오전 4:21에 Stephen Smalley 이(가) 쓴 글:
On Mon, Jul 10, 2023 at 4:25 AM Leesoo Ahn <lsahn@xxxxxxxxxx> wrote:
>
> The major part, the conditional branch in selinux_mmap_addr() is
always to be
> false so long as CONFIG_LSM_MMAP_MIN_ADDR is set to zero at compile time.
>
> This usually happens in some linux distros, for instance Ubuntu, which
> the config is set to zero in release version. Therefore it could be a bit
> optimized with '#if <expr>' at compile time.
If your distro is configuring LSM_MMAP_MIN_ADDR to 0, you might want
to bug them about it, because that's not a great idea for security.
And if you intend to use SELinux there, you'll want it set higher.
Default value in the Kconfig is 65536.
Thank you all for feedbacks!
I'm closing the door of this topic with them.
Best regards,
Leesoo
