Mailinglist Archive: opensuse-kernel (79 mails)

< Previous Next >
Re: [opensuse-kernel] Question about Apparmor kernel code

----- Original Message ----- From: "Jiri Benc" <jbenc@xxxxxxx>
To: <opensuse-kernel@xxxxxxxxxxxx>
Cc: <jiri@xxxxxxxxxxx>; "Jeff Mahoney" <jeffm@xxxxxxxx>
Sent: Monday, September 20, 2010 1:48 PM
Subject: Re: [opensuse-kernel] Question about Apparmor kernel code


On Sun, 19 Sep 2010 12:09:13 +0200, Jiri Malak wrote:
I would like to fix Bug 551799 - Dosemu doesn't start except from root account
which is caused by
Apparmor code in kernel.

This should be solved by setting CONFIG_LSM_MMAP_MIN_ADDR to 0,
shouldn't it?

Jeff, what do you think? Currently, it's 4096 in openSUSE-11.3 branch.


It is simplest fix but it circumvents security rules.
If I understand correctly this problem then it should be handled by sysctl command (by root) to setup mmap_min_addr = 0 and
by Apparmor profile capability CAP_ROWIO.

Jiri
--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-kernel+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References