Question about "exec-shield"
Maurizio Pagani Gmail
pag.maurizio at gmail.com
Wed Feb 20 11:48:26 UTC 2013
Hi there,
I've a question about "exec-shield", pratically, in some servers SELinux
it's Disabled, but I see that "exec-shield" is enabled:
******************************************
[root at app12trnr TSCM]# sysctl -a|grep -i exec
kernel.exec-shield = 1
[root at app12trnr TSCM]# sestatus
SELinux status: disabled
******************************************
- Now, the question is: also if SELinux is Disabled, the
exec-shield works normally? And if the answer is "yes", with wich criteria
the exec-shield block an application to write on memory?
- Because I think that only SELinux can manage "exec-shield" for
decide with wich criteria can block something to write on memory. Because I
saw that there is "process object class" with some permissions that specify
proper "execheap, execstack, and go on" for manage "allow/deny".
I hope I was clear with the question.
Thanks in advance,
Maurizio Pagani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20130220/6a4669a4/attachment.html>
More information about the selinux
mailing list