execmem_exec_t, unconfined.te and nsplugin

Daniel J Walsh dwalsh at redhat.com
Mon Jan 12 16:50:53 UTC 2009


Joe Nall wrote:
> libsepol.print_missing_requirements: nsplugin's global requirements were
> not met: type/attribute execmem_exec_t
> /usr/bin/semodule_link:  Error while linking packages
> make[1]: *** [validate] Error 1
> make[1]: Leaving directory
> `/home/joe/src2/Linux_x86_64/BUILD/rpmbuild/BUILD/serefpolicy-3.5.13'
> error: Bad exit status from /var/tmp/rpm-tmp.XoIIV1 (%install)
> 
> I'm trying to build an mls policy with nsplugin defined as a module in
> modules-mls.conf. nsplugin depends on execmem_exec_t which is defined in
> unconfined.te which is _not_ a module in modules-mls.conf, creating the
> error above.
> 
> Is there a better place to declare execmem_exec_t (userdomain.te?).
> 
> joe
Yes, I think we should create a new app execmem.te and move stuff there.

Java, Mono, and other apps fall into this category of applications
that users execute that require execmem, execstack privs.

What we really need is

USERTYPE_t executes execmem_exec_t gets USERTYPE_EXECMEM_T ==
(USERTYPE_T + execmem and execstack)


Currently execmem_exec_t is just a rename of unconfined_execmem_exec_t
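
An added example, not part of the original thread or of the policy's build system: a simplified pre-build check for the dependency gap described above, where a module enabled in the modules configuration requires a type declared only by a module that is switched off. The module sources and configuration are constructed, and the parser understands only plain `type` declarations and `gen_require` blocks.

```python
import re

# Constructed inputs for illustration; not the real Fedora policy sources.
MODULES_CONF = """\
nsplugin = module
userdomain = base
unconfined = off
"""
SOURCES = {
    "nsplugin": "policy_module(nsplugin, 1.0.0)\n"
                "gen_require(`\n\ttype execmem_exec_t;\n')\n"
                "type nsplugin_t;\n",
    "unconfined": "policy_module(unconfined, 1.0.0)\n"
                  "type unconfined_t;\ntype execmem_exec_t;\n",
    "userdomain": "policy_module(userdomain, 1.0.0)\ntype user_home_t;\n",
}

REQUIRE_RE = re.compile(r"gen_require\(`(.*?)'\)", re.S)
TYPE_RE = re.compile(r"^\s*type\s+(\w+)", re.M)

def enabled_modules(conf):
    """Names set to 'base' or 'module' in a modules.conf style file."""
    enabled = set()
    for line in conf.splitlines():
        line = line.split("#", 1)[0]
        if "=" in line:
            name, state = (part.strip() for part in line.split("=", 1))
            if state in ("base", "module"):
                enabled.add(name)
    return enabled

def split_types(te):
    """Return (declared, required) type names found in one .te source."""
    required = {t for body in REQUIRE_RE.findall(te) for t in TYPE_RE.findall(body)}
    declared = set(TYPE_RE.findall(REQUIRE_RE.sub("", te)))
    return declared, required

def unmet_requirements(conf, sources):
    """List (module, type, declaring_modules) no enabled module satisfies."""
    enabled = enabled_modules(conf)
    declared_by = {}
    for name, te in sources.items():
        for t in split_types(te)[0]:
            declared_by.setdefault(t, set()).add(name)
    problems = []
    for name in sorted(enabled & sources.keys()):
        for t in sorted(split_types(sources[name])[1]):
            if not declared_by.get(t, set()) & enabled:
                problems.append((name, t, sorted(declared_by.get(t, set()))))
    return problems
```

On the constructed input, `unmet_requirements(MODULES_CONF, SOURCES)` reports that nsplugin needs `execmem_exec_t` and that the only module declaring it is disabled.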