Hi, >> The file "/proc/sys/kernel/randomize_va_space" has write permission for user as below: >> [root at shagun ~]# ls -lrtZ /proc/sys/kernel/randomize_va_space >> rw-r--r--. root root system_u:object_r:proc_security_t:s0 /proc/sys/kernel/randomize_va_space >> >> If we want to change this permission to read only permission for the user. Is it possible? >> >> And i found the code also: >> >> kernel/sysctl.c @@ -1130,7 +1130,11 @@ static struct ctl_table kern_table[] = { .procname = "randomize_va_space", .data = &randomize_va_space, .maxlen = sizeof(int), +#ifdef CONFIG_ASLR_SYSCTL_READ_ONLY + .mode = 0444, +#else .mode = 0644, +#endif >> >> Can we make it as 0444, currently randomize_va_space is 644? > Any changes to the kernel should be requested through > https://clicktime.symantec.com/3KpmXJbD9xEqbGPHpBNCtpd7Vc?u=https%3A%2F%2Fbugzilla.redhat.com%2F for RHEL7's kernel package. > Why do you want root to not be able to write to that sysctl? Do you > not want it to be able to be modified? Because While running dASLR tool, "randomize_va_space unconfigurable" test in "Kernel Check" is FAILED. As per support for dASLR tool, "randomize_va_space_unconfigurable" fail means that "/proc/sys/kernel/randomize_va_space" has write permission. Regards, Shagun