SELinux removed from desktop cd spin?

Paul Howarth paul at city-fan.org
Mon Jan 21 16:32:31 UTC 2008


Daniel J Walsh wrote:
> Olivier Galibert wrote:
>> On Fri, Jan 18, 2008 at 08:30:44AM -0500, Daniel J Walsh wrote:
>>> Olivier Galibert wrote:
>>>> On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
>>>>> <tunable name="allow_execmem" dftval="false">
>>>>> <desc>
>>>>> <p>
>>>>> Allow unconfined executables to map a memory region as both executable
>>>>> and writable, this is dangerous and the executable should be reported in
>>>>> bugzilla")
>>>> That should be "to map a file in a memory region", as UD's page
>>>> explains.  Otherwise anyone who knows a little about dynamic
>>>> recompilers/JITs is gonna go "huh?".
>>>>
>>>>   OG.
>>>>
>>> Bad cut and paste.  The one I pasted was for allow_execmem, where the
>>> definition is correct.
>> You mean Ulrich's page is incorrect then?  I indeed had noticed it was
>> about execmem.
>>
>>
>>> java/mono apps are not confined by this, since
>>> they run under a different context.
>> Java/Mono are not the only programs with dynamic code generators in
>> them.
>>
>>   OG.
>>
> The attached file is the file context of all files in Rawhide (Probably
> F8) that are marked as allowing execmem/execstack.
> 
> If you know of others, we need to update this list.

Shouldn't this list also include things labelled as 
unconfined_notrans_exec_t such as mock and sysreport?

Paul.
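
An added example, not part of this thread or of the Fedora policy: a small C probe that reports whether the calling process may create anonymous memory that is both writable and executable, the operation the quoted allow_execmem description refers to. The function and constant names are illustrative, and it assumes Linux.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for MAP_ANONYMOUS under strict -std modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

enum { WX_ERROR = -1, WX_DENIED = 0, WX_ALLOWED = 1 };

/* Turn a failed/succeeded call into a verdict; must run before errno changes. */
static int classify(int failed)
{
    if (!failed)
        return WX_ALLOWED;
    /* An SELinux denial reaches the caller as EACCES. */
    return (errno == EACCES || errno == EPERM) ? WX_DENIED : WX_ERROR;
}

/* Case 1: request a writable+executable anonymous mapping in one mmap(). */
int probe_mmap_wx(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int verdict = classify(p == MAP_FAILED);
    if (p != MAP_FAILED)
        munmap(p, len);
    return verdict;
}

/* Case 2: map read/write first, then add PROT_EXEC with mprotect(). */
int probe_mprotect_wx(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return WX_ERROR;
    int verdict = classify(
        mprotect(p, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0);
    munmap(p, len);
    return verdict;
}

int main(void)
{
    static const char *txt[] = { "error", "denied", "allowed" };
    printf("mmap RWX:     %s\n", txt[probe_mmap_wx() + 1]);
    printf("mprotect RWX: %s\n", txt[probe_mprotect_wx() + 1]);
    return 0;
}
```

Run it from the domain you want to check; on an enforcing system a denial normally also leaves an AVC record in the audit log.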