[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Please disable the SELinux execstack/relro checks before FC5 final



Ulrich Drepper wrote:
Arjan van de Ven wrote:
right now I fear the only sane answer is "set all to permissive
behavior"; the minimum for fc5 would be everything that can do plugins
of any kind, or uses libraries that tend to get replaced (3D ones ;).
But that ends up being a whole whopping lot...

I'm not so sure.

The most crappy software are all those mozilla/firefox/thunderbird
plugins.  So, yes, we might need more time for that although I'd rather
prefer to have a separate domain for those programs.

The NVidia driver also needs an executable stack but nothing else.

What I have not seen are programs which have their own domain and still
need any of the booleans set.  Somebody should show real evidence that
any of those domains need the permission checks disable.

If we cannot move the moz/ffox/tbird into their own domain then, yes,
disable the checks for unconfined processes.  But we should keep the
tests for all programs which have their own domain.

This NVidia driver issue seems to be cropping up a lot on the forums. Is there a fix for it other than setting permissive globally?



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]