selinux execmem and sigaltstack
Adam Goode
adam at spicenitz.org
Wed Feb 13 04:02:31 UTC 2008
Hi,
I am trying to figure out how to properly allocate memory for
sigaltstack in all cases. This is for MLton, which I maintain in Fedora.
Here is the problem: originally, MLton was not using PROT_EXEC for areas
of memory used with sigaltstack. This was causing parisc to fail, since
it uses trampolines on the stack.
http://mlton.org/pipermail/mlton/2004-December/026512.html
Now Fedora 9 tightens the default selinux booleans and by default
mprotect with PROT_EXEC will fail. I want to fix MLton upstream to work
correctly. Should I special case systems that require PROT_EXEC? Or is
there a more correct way to allocate memory for it?
Might this mean that sigaltstack() programs under SELinux on certain
architectures must run in unconfined_u:object_r:unconfined_execmem_exec_t ?
Thanks,
Adam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080212/6643169d/attachment.sig>
More information about the fedora-devel-list
mailing list