[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4689826C.5050800@redhat.com>
Date: Mon, 02 Jul 2007 18:55:40 -0400
From: Rik van Riel <riel@...hat.com>
To: Davide Libenzi <davidel@...ilserver.org>
CC: Ulrich Drepper <drepper@...il.com>,
Andy Isaacson <adi@...apodia.org>,
Kyle Moffett <mrmacman_g4@....com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [patch 0/4] MAP_NOZERO v2 - VM_NOZERO/MAP_NOZERO early summer
madness
Davide Libenzi wrote:
> On Mon, 2 Jul 2007, Ulrich Drepper wrote:
>
>> On 7/2/07, Rik van Riel <riel@...hat.com> wrote:
>>> That should not happen. The default SELinux configuration
>>> in Fedora (and Debian?) runs a few daemons in their own
>>> restricted modes and has most of the system running in
>>> unconfined_t, including the majority of user programs.
>> This is the state as of F7. This will change hopefully soon.
>> Programs like firefox run by normal users must be confined, to. Any
>> tests using security must be fast, it's not something which is done
>> only for a few apps.
>
> The strong requirement would be that the cookie is not a bit longer than
> sizeof(unsigned long).
You could easily replace the cookie with a pointer to a free
page pool.
--
Politics is the struggle between those who want to make their country
the best in the world, and those who believe it already is. Each group
calls the other unpatriotic.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists