
Re: execmem_exec_t, unconfined.te and nsplugin




Joe Nall wrote:
> libsepol.print_missing_requirements: nsplugin's global requirements were
> not met: type/attribute execmem_exec_t
> /usr/bin/semodule_link:  Error while linking packages
> make[1]: *** [validate] Error 1
> make[1]: Leaving directory
> `/home/joe/src2/Linux_x86_64/BUILD/rpmbuild/BUILD/serefpolicy-3.5.13'
> error: Bad exit status from /var/tmp/rpm-tmp.XoIIV1 (%install)
> 
> I'm trying to build an mls policy with nsplugin defined as a module in
> modules-mls.conf. nsplugin depends on execmem_exec_t which is defined in
> unconfined.te which is _not_ a module in modules-mls.conf, creating the
> error above.
> 
> Is there a better place to declare execmem_exec_t (userdomain.te?).
> 
> joe
> 
Yes, I think we should create a new app execmem.te and move stuff there.

Java, Mono, and other apps fall into this category of applications
that users execute that require execmem, execstack privs.

What we really need is

USERTYPE_t executes execmem_exec_t gets USERTYPE_EXECMEM_T ==
(USERTYPE_T + execmem and execstack)


Currently execmem_exec_t is just a rename of unconfined_execmem_exec_t
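A sketch of the layout proposed in the reply above, written as reference-policy source. This is an added example, not code from the Fedora policy or from either poster: the module name execmem, the template name execmem_domain_template and the staff arguments are hypothetical, and it assumes the caller separately grants the new domain the base user-domain access with whatever interface its policy version provides.

```selinux
########## execmem.te (hypothetical new module) ##########
policy_module(execmem, 1.0.0)

# Declare the entry-point type in its own module rather than in
# unconfined.te, so that nsplugin can require it when unconfined
# is not listed in modules-mls.conf.
type execmem_exec_t;
corecmd_executable_file(execmem_exec_t)

########## execmem.if (hypothetical interface file) ##########
# $1 = user prefix (e.g. staff), $2 = user role, $3 = user domain
template(`execmem_domain_template',`
	gen_require(`
		type execmem_exec_t;
	')

	# USERTYPE_execmem_t: per-user derived domain
	type $1_execmem_t;
	domain_type($1_execmem_t)
	domain_entry_file($1_execmem_t, execmem_exec_t)
	role $2 types $1_execmem_t;

	# USERTYPE_t executes execmem_exec_t -> runs as USERTYPE_execmem_t
	domtrans_pattern($3, execmem_exec_t, $1_execmem_t)

	# The only privileges added on top of the user domain
	allow $1_execmem_t self:process { execmem execstack };
')

########## caller, in a user-role module (constructed usage) ##########
# execmem_domain_template(staff, staff_r, staff_t)

########## nsplugin.te: the requirement that failed to link ##########
# gen_require(`
# 	type execmem_exec_t;
# ')
```

With the type declared in a module that is always built alongside nsplugin, semodule_link can resolve the requirement without pulling in unconfined.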

