SELinux removed from desktop cd spin?
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 18 13:30:44 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Olivier Galibert wrote:
> On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
>> <tunable name="allow_execmem" dftval="false">
>> Allow unconfined executables to map a memory region as both executable
>> and writable, this is dangerous and the executable should be reported in
> That should be "to map a file in a memory region", as UD's page
> explains. Otherwise anyone who knows a little about dynamic
> recompilers/JITs is gonna go "huh?".
Bad cut and paste. The one I pasted was for allow_execmem. Where the
definition is correct. java/mono apps are not confined by this, since
they run under a different context.
<tunable name="allow_execmod" dftval="false">
Allow all unconfined executables to use libraries requiring text
relocation that are not labeled textrel_shlib_t")
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the fedora-devel-list