SELinux removed from desktop cd spin?

Daniel J Walsh dwalsh at redhat.com
Fri Jan 18 13:30:44 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Olivier Galibert wrote:
> On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
>> <tunable name="allow_execmem" dftval="false">
>> <desc>
>> <p>
>> Allow unconfined executables to map a memory region as both executable
>> and writable, this is dangerous and the executable should be reported in
>> bugzilla")
> 
> That should be "to map a file in a memory region", as UD's page
> explains.  Otherwise anyone who knows a little about dynamic
> recompilers/JITs is gonna go "huh?".
> 
>   OG.
> 
Bad cut and paste.  The one I pasted was for allow_execmem.  Where the
definition is correct.  java/mono apps are not confined by this, since
they run under a different context.

</tunable>
<tunable name="allow_execmod" dftval="false">
<desc>
<p>
Allow all unconfined executables to use libraries requiring text
relocation that are not labeled textrel_shlib_t")
</p>
</desc>
</tunable>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeQqgMACgkQrlYvE4MpobMllACfbUExz5TnteGJqrtJVpg+p7q6
f0EAoOX4qBNtr/svMG28E8X6sLYnBW2F
=tFNe
-----END PGP SIGNATURE-----




More information about the devel mailing list