
Re: SELinux removed from desktop cd spin?



Daniel J Walsh wrote:

Olivier Galibert wrote:
On Fri, Jan 18, 2008 at 08:30:44AM -0500, Daniel J Walsh wrote:

Olivier Galibert wrote:
On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
<tunable name="allow_execmem" dftval="false">
<desc>
<p>
Allow unconfined executables to map a memory region as both executable
and writable, this is dangerous and the executable should be reported in
bugzilla")
That should be "to map a file in a memory region", as UD's page
explains.  Otherwise anyone who knows a little about dynamic
recompilers/JITs is gonna go "huh?".

  OG.

Bad cut and paste.  The one I pasted was for allow_execmem, where the
definition is correct.
You mean Ulrich's page is incorrect then?  I indeed had noticed it was
about execmem.


java/mono apps are not confined by this, since
they run under a different context.
Java/Mono are not the only programs with dynamic code generators in
them.

  OG.

The attached file is the file context of all files in Rawhide (probably
F8) that are marked as allowing execmem/execstack.

If you know of others, we need to update this list.

Shouldn't this list also include things labelled as unconfined_notrans_exec_t such as mock and sysreport?

Paul.
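
Added example, not from any poster in this thread or from the SELinux policy sources: a Python parser for /proc/<pid>/maps text that reports mappings which are both writable and executable (the condition the allow_execmem description refers to) and separates anonymous regions from file-backed ones, the distinction raised in the thread. The sample maps lines, the file paths in them, and the names find_wx and classify are constructed for this example.

```python
import re
from typing import List, NamedTuple

# /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$"
)

class WXMapping(NamedTuple):
    start: int
    end: int
    perms: str
    kind: str   # "anonymous", "stack", "heap", "special" or "file"
    path: str

def classify(inode: int, path: str) -> str:
    """Label a mapping by what backs it (hypothetical helper for this example)."""
    if path == "[stack]":
        return "stack"
    if path == "[heap]":
        return "heap"
    if path.startswith("["):      # kernel pseudo-mappings such as [vdso]
        return "special"
    return "anonymous" if inode == 0 else "file"

def find_wx(maps_text: str) -> List[WXMapping]:
    """Return every mapping whose permissions include both 'w' and 'x'."""
    hits = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue              # skip blank or malformed lines
        start, end, perms, inode, path = m.groups()
        if "w" in perms and "x" in perms:
            hits.append(WXMapping(int(start, 16), int(end, 16), perms,
                                  classify(int(inode), path), path))
    return hits

# Constructed sample input, not captured from a real process.
SAMPLE_MAPS = """\
00400000-0040c000 r-xp 00000000 fd:01 1311746 /usr/bin/example
01a3e000-01a5f000 rw-p 00000000 00:00 0 [heap]
7f2c14000000-7f2c14021000 rwxp 00000000 00:00 0
7f2c1a3d1000-7f2c1a3d3000 rwxp 00000000 fd:01 1574982 /usr/lib64/libexample.so
7ffd4c1e0000-7ffd4c201000 rwxp 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for hit in find_wx(SAMPLE_MAPS):
        print(f"{hit.start:x}-{hit.end:x} {hit.perms} {hit.kind} {hit.path}")
```

To inspect a live process, pass the contents of its /proc/<pid>/maps file to find_wx instead of SAMPLE_MAPS.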

