[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: A question about allow_unconfined_mmap_low in f11 amd selinux
- From: Mike Cloaked <mike cloaked gmail com>
- To: fedora-devel-list redhat com
- Subject: Re: A question about allow_unconfined_mmap_low in f11 amd selinux
- Date: Mon, 9 Nov 2009 19:40:18 +0000 (UTC)
Eric Paris <eparis <at> redhat.com> writes:
> > I have Crossover installed and not wine, and just checked:
> > [mike <at> home1 ~]$ cat /proc/sys/vm/mmap_min_addr
> > 65536
> >
> > This is an f11 box. I also set the boolean by doing
> > # setsebool -P allow_unconfined_mmap_low 1
>
> Bad news! For maximum protection would want that bool off. You do not
> want to ALLOW unconfined to mmap low memory.
>
> -Eric
Many thanks Eric - I just tried unsetting the boolean -
# setsebool -P allow_unconfined_mmap_low 0
Excel and Word 2003 still run in Crossover after resetting it without AVCs
popping up - I will unset it in the other machines where I have this also -
I guess selinux policy may have changed so that setting it as I did originally
is no longer necessary.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]