GIMP help shouldn't need execstack, should it?
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 7 15:25:32 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/07/2011 09:11 AM, Dominick Grift wrote:
> On 01/06/2011 11:49 PM, Göran Uddeborg wrote:
>> I discovered recently that gimp help crashes with a segmentation fault
>> and an execmem AVC denial. I could make it work either by setting
>> allow_execstack to on, or by changing the type of
>> /usr/lib64/gimp/2.0/plug-ins/help-browser to
>> unconfined_execmem_exec_t.
>
> see if it works when you remove the execstack flag from help-browser
> (man execstack)
>
> But in general i believe execstack should most of the time not be needed
> in Linux
>
>> I assume this is a bug in the help-browser that I should report. My
>> understanding is that execstack should not be needed. But before I do
>> I thought I check with the knowledgable people here. Is this AVC
>> denial a result of an application bug, or could it be valid for gimp
>> help to request this?
>
>
>
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
- --
selinux mailing list
selinux at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
We have had a slew of bugzillas on this lately. I think some libraries
in rpmfusion or one of the other Not Fully Open, yum repositories have
some libraries that are marked as requiring execstack.
We have been closing these with a link to this bugzilla.
https://bugzilla.redhat.com/show_bug.cgi?id=652297#c5
I have hard coded my comment in it on how to look for the libraries.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0nMGsACgkQrlYvE4MpobOtowCg00lNOyWUxFnyTx7WK4cqgLXe
qwAAn3jNe499cHb40gqaoD7fh2S1ukqb
=PykE
-----END PGP SIGNATURE-----
More information about the selinux
mailing list