On 2/15/06, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> Jonathan Berry wrote:
>> On 2/13/06, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
>> [snip]
>>> Try setsebool -P allow_execstack=1
>>
>> Yes, this allows both Firefox and Evolution to start up normally.
>> What exactly does this do? Doesn't appear to be a very security
>> conscious fix. Does this just mean that NSS needs an executable stack
>> and wasn't given one?
>>
>> Jonathan
>>
> Yes. We are investigating why it needs an executable stack.
> Looks like this is an initialization thing. So after the first time you
> can turn it off. Although I think flash player needs it too.
After installing Core 5 Test 3, I am not seeing any more issues with
this. In fact, I had not in my Test 2 (and updates) install after
running the above command, but I was not sure if something got fixed
or if the command just "stuck." It seems the -P writes the setting to
file, but I do not remember completely. I cannot check that since I
cannot seem to get a man page for setsebool, even though it is
mentioned in the selinux man page.
$ man setsebool
No manual entry for setsebool
Is something wrong here? From "man selinux":
SEE ALSO
booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restore-
Jonathan
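
An added example, not part of the original messages and not code from the SELinux or Fedora projects: whether an ELF program or library requests an executable stack is recorded in its PT_GNU_STACK program header, so reading that header shows which object is behind a need for allow_execstack. The function names and the sample ELF image are constructed for illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def stack_policy(elf: bytes) -> str:
    """Classify an ELF image as 'exec', 'noexec' or 'missing' (no PT_GNU_STACK)."""
    if len(elf) < 0x34 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(elf[4])   # EI_CLASS
    endian = {1: "<", 2: ">"}.get(elf[5])    # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    try:
        if is64:
            (e_phoff,) = struct.unpack_from(endian + "Q", elf, 0x20)
            e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x36)
        else:
            (e_phoff,) = struct.unpack_from(endian + "I", elf, 0x1C)
            e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x2A)
        flags_at = 4 if is64 else 24          # p_flags offset inside one program header
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            (p_type,) = struct.unpack_from(endian + "I", elf, off)
            if p_type == PT_GNU_STACK:
                (p_flags,) = struct.unpack_from(endian + "I", elf, off + flags_at)
                return "exec" if p_flags & PF_X else "noexec"
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc
    # No PT_GNU_STACK: the loader falls back to its architecture default.
    return "missing"

def constructed_elf64(stack_flags=None) -> bytes:
    """Constructed sample: ELF64 little-endian header plus program headers, no code."""
    phdrs = [struct.pack("<IIQQQQQQ", 1, 5, 0, 0, 0, 0, 0, 0x1000)]   # PT_LOAD, r-x
    if stack_flags is not None:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16))
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return ident + header + b"".join(phdrs)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                 # e.g. the shared objects a program loads
        with open(path, "rb") as fh:
            print(path, stack_policy(fh.read()))
    for label, flags in (("rwx", 7), ("rw-", 6), ("absent", None)):
        print("constructed", label, stack_policy(constructed_elf64(flags)))
```

Run against the shared objects a program loads, an "exec" or "missing" result marks the object to rebuild or fix, so the boolean can stay off.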