execmod avcs from today's policy
Stephen Smalley
sds at epoch.ncsc.mil
Fri Jan 28 18:12:02 UTC 2005
On Fri, 2005-01-28 at 11:38, Tom London wrote:
> Running strict/enforcing, today's Rawhide.
>
> Noticed the avcs below in the log.
>
> I believe the java one may be from the sun JVM I have installed....
> xscreensaver and helixplayer ones are new.
>
> My understanding is that I need to set the boolean 'allow_execmod' to
> allow this kind of thing (although nothing appears broken....)
>
> Do I have that correct?
I think that the allow_execmod boolean only allows execmod permission to
files labeled with the new texrel_shlib_t type. Or at least that is
what it should do. Any existing occurrences of execmod permission in
the policy should be changed to use texrel_shlib_t now that it is
defined, and then any DSOs that require it should be relabeled to that
type.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list