SELinux removed from desktop cd spin?
Olivier Galibert
galibert at pobox.com
Fri Jan 18 16:12:36 UTC 2008
On Fri, Jan 18, 2008 at 08:30:44AM -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Olivier Galibert wrote:
> > On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
> >> <tunable name="allow_execmem" dftval="false">
> >> <desc>
> >> <p>
> >> Allow unconfined executables to map a memory region as both executable
> >> and writable, this is dangerous and the executable should be reported in
> >> bugzilla")
> >
> > That should be "to map a file in a memory region", as UD's page
> > explains. Otherwise anyone who knows a little about dynamic
> > recompilers/JITs is gonna go "huh?".
> >
> > OG.
> >
> Bad cut and paste. The one I pasted was for allow_execmem. Where the
> definition is correct.
You mean Ulrich's page is incorrect then? I indeed had noticed it was
about execmem.
> java/mono apps are not confined by this, since
> they run under a different context.
Java/Mono are not the only programs with dynamic code generators in
them.
OG.
More information about the fedora-devel-list
mailing list