Fedora Board Recap 2007-JUL-31

Stephen Smalley sds at tycho.nsa.gov
Fri Aug 3 15:41:22 UTC 2007


On Fri, 2007-08-03 at 08:50 -0400, Jesse Keating wrote:
> On Fri, 03 Aug 2007 08:34:53 -0400
> Stephen Smalley <sds at tycho.nsa.gov> wrote:
> 
> > Is the ppc selinux problem a recurrence of the execmem denials due to
> > broken compiler toolchain?  Is there a bug report on it?
> > If you just dropped linux-2.6-selinux-mprotect-checks.patch from the
> > Fedora kernel would it allow you to leave selinux enabled on ppc?
> 
> It's due to using wrong compiler flags for ppc32 binaries resulting in
> every binary wanting execmem.  Selinux obviously denies this.  I'm not
> sure if there is a bug # yet, I've asked jakub to keep me informed when
> there is one so that we can track it for the mass rebuild that will be
> necessary.

Ok, but note that upstream, those checks are disabled for ppc32 entirely
because of this; only Fedora enables them in its ppc32 kernel (and only
because they fixed the toolchain and rebuilt earlier).  So the other
option if a mass rebuild isn't feasible is to just disable those checks
in the ppc32 kernel (just drop the current patch from the Fedora kernel
and rebuild, reverting to upstream behavior).
 
-- 
Stephen Smalley
National Security Agency



