Adding two new booleans to httpd to tighten it's security.
Ulrich Drepper
drepper at redhat.com
Sat Dec 10 20:37:57 UTC 2005
Nicolas Mailhot wrote:
> avc: denied { execmem } for pid=2950 comm="thunderbird-bin"
> scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
> tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
If this really happens then this is a terrible bug in tbird. It's
nothing which should be patched with the policy. By not adding the
support to catch these problems early the code won't be fixed.
New rules are often added for a specific purpose: discover bugs in
programs and stop existing threats. It would be wrong to not attack
these as soon as possible.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
More information about the fedora-selinux-list
mailing list