Merge branch 'linux-2.6'

[linux-2.6] / security / Kconfig

diff --git a/security/Kconfig b/security/Kconfig
index 8086e61058e373e68054dd166be2e942f4db2e4c..5dfc206748cfbd76f2e1f3114515aba7294cf67c 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM
 config SECURITY_CAPABILITIES
        bool "Default Linux Capabilities"
        depends on SECURITY
 config SECURITY_CAPABILITIES
        bool "Default Linux Capabilities"
        depends on SECURITY

+       default y

        help
          This enables the "default" Linux capabilities functionality.
          If you are unsure how to answer this question, answer Y.
        help
          This enables the "default" Linux capabilities functionality.
          If you are unsure how to answer this question, answer Y.


@@ -103,7 +104,26 @@ config SECURITY_ROOTPLUG
          
          If you are unsure how to answer this question, answer N.
 
          
          If you are unsure how to answer this question, answer N.
 

+config SECURITY_DEFAULT_MMAP_MIN_ADDR
+        int "Low address space to protect from user allocation"
+        depends on SECURITY
+        default 0
+        help
+         This is the portion of low virtual memory which should be protected
+         from userspace allocation.  Keeping a user from writing to low pages
+         can help reduce the impact of kernel NULL pointer bugs.
+
+         For most users with lots of address space a value of 65536 is
+         reasonable and should cause no problems.  Programs which use vm86
+         functionality would either need additional permissions from either
+         the LSM or the capabilities module or have this protection disabled.
+
+         This value can be changed after boot using the
+         /proc/sys/vm/mmap_min_addr tunable.
+
+

 source security/selinux/Kconfig
 source security/selinux/Kconfig

+source security/smack/Kconfig

 
 endmenu
 
 
 endmenu