Please disable the SELinux execstack/relro checks before FC5 final
Eric Brunson
brunson at brunson.com
Sun Feb 19 17:48:00 UTC 2006
Ulrich Drepper wrote:
> Arjan van de Ven wrote:
>
>> right now I fear the only sane answer is "set all to permissive
>> behavior"; the minimum for fc5 would be everything that can do plugins
>> of any kind, or uses libraries that tend to get replaced (3D ones ;).
>> But that ends up being a whole whopping lot...
>>
>
> I'm not so sure.
>
> The most crappy software are all those mozilla/firefox/thunderbird
> plugins. So, yes, we might need more time for that although I'd rather
> prefer to have a separate domain for those programs.
>
> The NVidia driver also needs an executable stack but nothing else.
>
> What I have not seen are programs which have their own domain and still
> need any of the booleans set. Somebody should show real evidence that
> any of those domains need the permission checks disabled.
>
> If we cannot move the moz/ffox/tbird into their own domain then, yes,
> disable the checks for unconfined processes. But we should keep the
> tests for all programs which have their own domain.
>
>
This NVidia driver issue seems to be cropping up a lot on the forums.
Is there a fix for it other than setting permissive globally?