On Fri, 2005-01-28 at 13:12, Stephen Smalley wrote:
I think that the allow_execmod boolean only allows execmod permission
to
files labeled with the new texrel_shlib_t type. Or at least that is
what it should do. Any existing occurrences of execmod permission in
the policy should be changed to use texrel_shlib_t now that it is
defined, and then any DSOs that require it should be relabeled to that
type.
We should also wrap occurrences of execmem with a boolean, but a
separate one than the execmod rules. Might also want multiple booleans,
e.g. to allow certain programs without allowing all others.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency