I want to turn on a part of the kernel to make SELinux checking more stringent.
Daniel J Walsh
dwalsh at redhat.com
Mon Jan 27 15:46:25 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/24/2014 07:29 PM, Alek Paunov wrote:
> On 24.01.2014 21:20, Daniel J Walsh wrote:
>>>
>> No, we pretty much allow executable stack/memory from user processes now
>> and block it for most daemons, except for those that need it. My
>> understanding of this change is that the kernel was not doing complete
>> checking, but most apps at this point do the right thing. We will turn
>> it on in Rawhide and through the beta. If we see problems we will
>> revert. It is now a one line change in
>>
>
> SELinux newbie question: Where the daemons exception is actually defined.
> My practical interest is: What should be added to LuaJIT [1] to be able to
> run e.g. non-packaged web servers like [2]?
>
> Thanks, Alek
>
> [1] http://pkgs.fedoraproject.org/cgit/luajit.git/plain/luajit.spec [2]
> https://github.com/kernelsauce/turbo
>
I don't really understand your question.
When you run your Web Server does SELinux actually block anything?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlLmf1EACgkQrlYvE4MpobMNAQCeKcLabW047Plzf6MDdXUIfBEk
uBMAn3Oq2ZBEnvDQcKLdV8u/iKEz3CTu
=mdtX
-----END PGP SIGNATURE-----
More information about the devel
mailing list