Mailinglist Archive: opensuse-kernel (79 mails)
| < Previous | Next > |
Re: [opensuse-kernel] Question about Apparmor kernel code
- From: "Jiri Malak" <malak.jiri@xxxxxxxxx>
- Date: Mon, 20 Sep 2010 21:27:44 +0200
- Message-id: <539C7409D2BF4FD19913D864E5674F10@jirkast>
----- Original Message ----- From: "Jiri Benc" <jbenc@xxxxxxx>
To: <opensuse-kernel@xxxxxxxxxxxx>
Cc: <jiri@xxxxxxxxxxx>; "Jeff Mahoney" <jeffm@xxxxxxxx>
Sent: Monday, September 20, 2010 1:48 PM
Subject: Re: [opensuse-kernel] Question about Apparmor kernel code
On Sun, 19 Sep 2010 12:09:13 +0200, Jiri Malak wrote:
I would like to fix Bug 551799 - Dosemu doesn't start except from root account
which is caused by
Apparmor code in kernel.
This should be solved by setting CONFIG_LSM_MMAP_MIN_ADDR to 0,
shouldn't it?
Jeff, what do you think? Currently, it's 4096 in openSUSE-11.3 branch.
It is simplest fix but it circumvents security rules.
If I understand correctly this problem then it should be handled by sysctl command (by root) to setup mmap_min_addr = 0 and
by Apparmor profile capability CAP_ROWIO.
Jiri
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-kernel+help@xxxxxxxxxxxx
| < Previous | Next > |