A question about allow_unconfined_mmap_low in f11 amd selinux

Justin eqisow at gmail.com
Mon Nov 9 20:15:28 UTC 2009


On Mon, Nov 9, 2009 at 2:40 PM, Mike Cloaked <mike.cloaked at gmail.com> wrote:
> Eric Paris <eparis <at> redhat.com> writes:
>
>> > I have Crossover installed and not wine, and just checked:
>> > [mike <at> home1 ~]$ cat /proc/sys/vm/mmap_min_addr
>> > 65536
>> >
>> > This is an f11 box.  I also set the boolean by doing
>> > # setsebool -P allow_unconfined_mmap_low 1
>>
>> Bad news!  For maximum protection you would want that bool off.  You do not
>> want to ALLOW unconfined to mmap low memory.
>>
>> -Eric
>
> Many thanks Eric - I just tried unsetting the boolean -
> # setsebool -P allow_unconfined_mmap_low 0
>
> Excel and Word 2003 still run in Crossover after resetting it without AVCs
> popping up - I will unset it in the other machines where I have this also -
> I guess selinux policy may have changed so that setting it as I did originally
> is no longer necessary.

Really? For me there is no "allow_unconfined_mmap_low" at all and I'm
definitely still getting the error with any Wine application with
mmap_low_allowed set to 0.

selinux-policy-3.6.32-41.fc12.noarch



