Please disable the SELinux execstack/relro checks before FC5 final
Ivan Gyurdiev
ivg2 at cornell.edu
Sun Feb 19 18:37:01 UTC 2006
>
> There's an effort to limit bonobo connections from firefox to
> restricted domains only (no user_t/unconfined_t connections).... also
> challenging, because there's so many things firefox talks to, and one
> of them is sufficient to necessitate allowing communications channel
> to user_t/unconfined_t.
Isn't bonobo capable of doing exactly what we need anyway - launching
applications based on required characteristics sent over a socket to its
server? Maybe I'm ignorant of how those things work, but having a
centralized way to launch other apps (from a different process than our
own) would be very helpful to selinux.
More information about the devel
mailing list