selinux execmem and sigaltstack
Ulrich Drepper
drepper at redhat.com
Sun Feb 17 19:29:54 UTC 2008
Adam Goode wrote:
> Now Fedora 9 tightens the default selinux booleans and by default
> mprotect with PROT_EXEC will fail. I want to fix MLton upstream to work
> correctly. Should I special case systems that require PROT_EXEC? Or is
> there a more correct way to allocate memory for it?
No, just special-case the broken architectures. People using such
machines should already know that they are playing with fire.
> Might this mean that sigaltstack() programs under SELinux on certain
> architectures must run in unconfined_u:object_r:unconfined_execmem_exec_t ?
If trampolines are regularly used, then you already have to special-case
the use of execstack for those archs and no other (hopefully). In that
case just add execmem as well.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
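An added example, not part of the original message and not MLton's code: one way to special-case the signal-stack allocation so that PROT_EXEC is requested only where a build flag says the architecture needs it, with a check that the handler really runs on the plain read/write stack. The macro `NEEDS_EXEC_SIGSTACK`, the function names and the stack size are assumptions made for this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

/* Hypothetical build flag (not from the thread): define NEEDS_EXEC_SIGSTACK
 * only on architectures that place trampolines on the signal stack. */
#ifdef NEEDS_EXEC_SIGSTACK
#define SIGSTACK_PROT (PROT_READ | PROT_WRITE | PROT_EXEC)
#else
#define SIGSTACK_PROT (PROT_READ | PROT_WRITE)
#endif
#define ALT_SIZE (64 * 1024)   /* constructed size for the alternate stack */

static char *alt_base;
static volatile sig_atomic_t ran_on_alt;

static void on_usr1(int sig) {
    char probe;                /* lives on whichever stack the handler uses */
    (void)sig;
    uintptr_t p = (uintptr_t)&probe, b = (uintptr_t)alt_base;
    ran_on_alt = (p >= b && p < b + ALT_SIZE);
}

/* Returns 0 on success, otherwise the errno of the failing call. A PROT_EXEC
 * request refused by the SELinux execmem check shows up here as EACCES. */
int install_altstack(void) {
    alt_base = mmap(NULL, ALT_SIZE, SIGSTACK_PROT,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (alt_base == MAP_FAILED) return errno;
    stack_t ss = { .ss_sp = alt_base, .ss_size = ALT_SIZE, .ss_flags = 0 };
    if (sigaltstack(&ss, NULL) != 0) return errno;
    struct sigaction sa = { .sa_handler = on_usr1, .sa_flags = SA_ONSTACK };
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGUSR1, &sa, NULL) != 0 ? errno : 0;
}

int handler_ran_on_altstack(void) {   /* 1 if the handler used the alt stack */
    ran_on_alt = 0;
    raise(SIGUSR1);            /* handler runs before raise() returns */
    return ran_on_alt;
}

int main(void) {
    int err = install_altstack();
    if (err) { fprintf(stderr, "altstack setup failed: errno %d\n", err); return 1; }
    printf("handler ran on alternate stack: %d\n", handler_ran_on_altstack());
    return 0;
}
```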
More information about the fedora-devel-list
mailing list