Re: execmod avcs from today's policy

Friday, 28 January 2005

On Fri, 2005-01-28 at 13:12, Stephen Smalley wrote:
...
 I think that the allow_execmod boolean only allows execmod permission
to
 files labeled with the new texrel_shlib_t type.  Or at least that is
 what it should do.  Any existing occurrences of execmod permission in
 the policy should be changed to use texrel_shlib_t now that it is
 defined, and then any DSOs that require it should be relabeled to that
 type. 
We should also wrap occurrences of execmem with a boolean, but a
separate one than the execmod rules.  Might also want multiple booleans,
e.g. to allow certain programs without allowing all others.

-- 
Stephen Smalley <sds(a)epoch.ncsc.mil&gt;
National Security Agency

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: execmod avcs from today's policy