
Re: SELinux removed from desktop cd spin?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Olivier Galibert wrote:
> On Fri, Jan 18, 2008 at 08:30:44AM -0500, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Olivier Galibert wrote:
>>> On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
>>>> <tunable name="allow_execmem" dftval="false">
>>>> <desc>
>>>> <p>
>>>> Allow unconfined executables to map a memory region as both executable
>>>> and writable, this is dangerous and the executable should be reported in
>>>> bugzilla")
>>> That should be "to map a file in a memory region", as UD's page
>>> explains.  Otherwise anyone who knows a little about dynamic
>>> recompilers/JITs is gonna go "huh?".
>>>
>>>   OG.
>>>
>> Bad cut and paste.  The one I pasted was for allow_execmem.  Where the
>> definition is correct.
> 
> You mean Ulrich's page is incorrect then?  I indeed had noticed it was
> about execmem.
> 
> 
>> java/mono apps are not confined by this, since
>> they run under a different context.
> 
> Java/Mono are not the only programs with dynamic code generators in
> them.
> 
>   OG.
> 
The attached file is the file context of all files in Rawhide (Probably
F8) that are marked as allowing execmem/execstack.

If you know of others, we need to update this list.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkeQ6WEACgkQrlYvE4MpobNC1QCeJFwhjT7zZ4jWOeCQ2VnfTcI9
NI8AoLCClZU0lYdOAqwDNonnzDqReX34
=LqxN
-----END PGP SIGNATURE-----
/usr/bin/qemu.*	--	system_u:object_r:unconfined_execmem_exec_t:s0
/usr/lib/openoffice\.org.*/program/.+\.bin	--	system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/sbcl	--	system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/valgrind	--	system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/rhythmbox	--	system_u:object_r:unconfined_execmem_exec_t:s0
/usr/lib/ia32el/ia32x_loader	--	system_u:object_r:unconfined_execmem_exec_t:s0
/usr/local/RealPlayer/realplay\.bin	--	system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/mono	--	system_u:object_r:mono_exec_t:s0
/usr/(.*/)?bin/java.*	--	system_u:object_r:java_exec_t:s0
/opt/(.*/)?bin/java[^/]*	--	system_u:object_r:java_exec_t:s0
/usr/lib(.*/)?bin/java[^/]*	--	system_u:object_r:java_exec_t:s0
/usr/lib(64)?/openoffice\.org/program/soffice\.bin	--	system_u:object_r:java_exec_t:s0
/usr/bin/octave-[^/]*	--	system_u:object_r:java_exec_t:s0
/usr/matlab/bin/(.*/)?MATLAB.	--	system_u:object_r:java_exec_t:s0
/opt/matlab/bin/(.*/)?MATLAB.	--	system_u:object_r:java_exec_t:s0
/usr/lib/jvm/java(.*/)bin(/.*)?	--	system_u:object_r:java_exec_t:s0
/usr/local/matlab/bin/(.*/)?MATLAB.	--	system_u:object_r:java_exec_t:s0
/opt/local/matlab/bin/(.*/)?MATLAB.	--	system_u:object_r:java_exec_t:s0
/opt/ibm/java2-ppc64-50/jre/(bin|javaws)(/.*)?	--	system_u:object_r:java_exec_t:s0
/usr/bin/gij	--	system_u:object_r:java_exec_t:s0
/usr/bin/grmic	--	system_u:object_r:java_exec_t:s0
/usr/bin/frysk	--	system_u:object_r:java_exec_t:s0
/usr/bin/fastjar	--	system_u:object_r:java_exec_t:s0
/usr/bin/gkeytool	--	system_u:object_r:java_exec_t:s0
/usr/bin/gjarsigner	--	system_u:object_r:java_exec_t:s0
/usr/bin/jv-convert	--	system_u:object_r:java_exec_t:s0
/usr/bin/gcj-dbtool	--	system_u:object_r:java_exec_t:s0
/usr/bin/grmiregistry	--	system_u:object_r:java_exec_t:s0
/usr/bin/gappletviewer	--	system_u:object_r:java_exec_t:s0
/usr/lib/eclipse/eclipse	--	system_u:object_r:java_exec_t:s0
/usr/bin/wine	--	system_u:object_r:wine_exec_t:s0
/opt/cxoffice/bin/wine	--	system_u:object_r:wine_exec_t:s0
/opt/picasa/wine/bin/wine	--	system_u:object_r:wine_exec_t:s0

Attachment: execmem.sig
Description: Binary data
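
Added example (not part of the original message, and not Fedora policy code): a Python sketch that parses entries in the format of the attached list and reports which candidate binaries no entry matches, the check needed before proposing additions to the list. The function names and candidate paths are assumptions made for illustration, and first-match lookup is a simplification of libselinux's precedence rules.

```python
import re

# Constructed sample: five entries in the format of the attached list.
SAMPLE = r"""
/usr/bin/qemu.*                      --  system_u:object_r:unconfined_execmem_exec_t:s0
/usr/local/RealPlayer/realplay\.bin  --  system_u:object_r:unconfined_execmem_exec_t:s0
/usr/bin/mono                        --  system_u:object_r:mono_exec_t:s0
/usr/(.*/)?bin/java.*                --  system_u:object_r:java_exec_t:s0
/usr/bin/wine                        --  system_u:object_r:wine_exec_t:s0
"""

def parse_file_contexts(text):
    """Parse 'regex [file-type] context' lines into (regex, ftype, type) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 3:
            pattern, ftype, context = fields
        elif len(fields) == 2:  # the file-type column is optional
            (pattern, context), ftype = fields, None
        else:
            raise ValueError("unrecognised entry: %r" % line)
        parts = context.split(":")  # user:role:type[:level]
        se_type = parts[2] if len(parts) >= 3 else None  # e.g. <<none>>
        entries.append((re.compile(pattern), ftype, se_type))
    return entries

def lookup(path, entries):
    """Return the type of the first entry matching path as a regular file.

    Patterns must match the whole path. First match is a simplification
    (assumption): libselinux has its own precedence for overlapping patterns.
    """
    for regex, ftype, se_type in entries:
        if ftype in (None, "--") and regex.fullmatch(path):
            return se_type
    return None

def uncovered(paths, entries):
    """Paths that no entry labels, i.e. candidates for updating the list."""
    return [p for p in paths if lookup(p, entries) is None]

ENTRIES = parse_file_contexts(SAMPLE)
# Hypothetical candidate binaries, constructed for this example.
CANDIDATES = ["/usr/bin/qemu-system-x86_64", "/usr/local/bin/java",
              "/usr/bin/winecfg", "/usr/bin/example-jit"]

if __name__ == "__main__":
    for path in CANDIDATES:
        print(path, "->", lookup(path, ENTRIES) or "no entry")
```

Because patterns are anchored to the whole path, /usr/bin/winecfg is not covered by the /usr/bin/wine entry and shows up as unlisted.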

