Is there a simple way to allow execmem for a single binary?
Bruno Wolff III
bruno at wolff.to
Wed Jun 27 15:12:19 UTC 2007
On Wed, Jun 27, 2007 at 07:26:53 -0400,
Daniel J Walsh <dwalsh at redhat.com> wrote:
> Bruno Wolff III wrote:
> >I have a propietary app (iHEAT) that is getting execmem denials. I would
> >prefer to allow just this one app to be able to do that rather than
> >disabling
> >the check for everything. I am using the targeted policy in Fedora 7.
> >I saw there was a context type unconfined_execmem, but that doesn't seem
> >to permit execution.
> >
> >Is there some context I can use or perhaps I need to relabel a library and
> >not the executable?
> >
> >--
> >fedora-selinux-list mailing list
> >fedora-selinux-list at redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> You could always fix your app. :^)
Unfortunately I can't. I am just happy there is a Linux client so I don't
still have to keep a windows machine in my office.
> chcon -t unconfined_execmem_exec_t YOURBADAPP
Thanks!
More information about the selinux
mailing list