SELinux removed from desktop cd spin?
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 18 18:01:05 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Olivier Galibert wrote:
> On Fri, Jan 18, 2008 at 08:30:44AM -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Olivier Galibert wrote:
>>> On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
>>>> <tunable name="allow_execmem" dftval="false">
>>>> <desc>
>>>> <p>
>>>> Allow unconfined executables to map a memory region as both executable
>>>> and writable, this is dangerous and the executable should be reported in
>>>> bugzilla")
>>> That should be "to map a file in a memory region", as UD's page
>>> explains. Otherwise anyone who knows a little about dynamic
>>> recompilers/JITs is gonna go "huh?".
>>>
>>> OG.
>>>
>> Bad cut and paste. The one I pasted was for allow_execmem. Where the
>> definition is correct.
>
> You mean Ulrich's page is incorrect then? I indeed had noticed it was
> about execmem.
>
>
>> java/mono apps are not confined by this, since
>> they run under a different context.
>
> Java/Mono are not the only programs with dynamic code generators in
> them.
>
> OG.
>
THe attached file is the file context of all files in Rawhide (Probably
F8) that are marked as allowing execmem/execstack.
If you know of others, we need to update this list.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeQ6WEACgkQrlYvE4MpobNC1QCeJFwhjT7zZ4jWOeCQ2VnfTcI9
NI8AoLCClZU0lYdOAqwDNonnzDqReX34
=LqxN
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: execmem
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080118/61498368/attachment.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: execmem.sig
Type: application/octet-stream
Size: 72 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080118/61498368/attachment.obj>
More information about the fedora-devel-list
mailing list