On Sam 10 décembre 2005 21:37, Ulrich Drepper wrote:
Nicolas Mailhot wrote:
> avc: denied { execmem } for pid=2950 comm="thunderbird-bin"
> scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
> tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
If this really happens then this is a terrible bug in tbird. It's
nothing which should be patched with the policy. By not adding the
support to catch these problems early the code won't be fixed.
New rules are often added for a specific purpose: discover bugs in
programs and stop existing threats. It would be wrong to not attack
these as soon as possible.
It really happens, at least there (and thunderbird hasn't been updated,
only selinux was - so it was happening before).
So there are lots of work to do with existing rules before even thinking
of moving to new bits like httpd port policy.
--
Nicolas Mailhot