security: select correct default LSM_MMAP_MIN_ADDR on ARM.

The default for this is universally set to 64k, but the help says: For most ia64, ppc64 and x86 users with lots of address space a value of 65536 is reasonable and should cause no problems. On arm and other archs it should not be higher than 32768. The text is right, in that we are seeing selinux-enabled ARM targets that fail to launch /sbin/init because selinux blocks a memory map. So select the right value if we know we are building ARM. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <jmorris@namei.org>

security: select correct default LSM_MMAP_MIN_ADDR on ARM.
The default for this is universally set to 64k, but the help says: For most ia64, ppc64 and x86 users with lots of address space a value of 65536 is reasonable and should cause no problems. On arm and other archs it should not be higher than 32768. The text is right, in that we are seeing selinux-enabled ARM targets that fail to launch /sbin/init because selinux blocks a memory map. So select the right value if we know we are building ARM. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <jmorris@namei.org>
Paul Gortmaker · James Morris
1 parent 4aab1e896a
Showing 1 changed file with 1 additions and 0 deletions Side-by-side Diff
security/Kconfig
@@ -167,6 +167,7 @@
 config LSM_MMAP_MIN_ADDR
 	int "Low address space for LSM to protect from user allocation"
 	depends on SECURITY && SECURITY_SELINUX
+	default 32768 if ARM
 	default 65536
 	help
 	  This is the portion of low virtual memory which should be protected
...	...	@@ -167,6 +167,7 @@
167	167	config LSM_MMAP_MIN_ADDR
168	168	int "Low address space for LSM to protect from user allocation"
169	169	depends on SECURITY && SECURITY_SELINUX
	170	+ default 32768 if ARM
170	171	default 65536
171	172	help
172	173	This is the portion of low virtual memory which should be protected