A question about allow_unconfined_mmap_low in f11 amd selinux
Mike Cloaked
mike.cloaked at gmail.com
Tue Nov 3 21:31:52 UTC 2009
For people running wine or Crossover and using MS Office 2003 and related codes
it is necessary to do:
# setsebool -P allow_unconfined_mmap_low 1
To prevent AVC denials.
However there is recent publicity at
http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
which highlights that there is still a vulnerability in the kernel if this is
set.
For people running f11 with this boolean set how can one run wine and still
remain secure? i.e. what should an admin do to protect the system?
More information about the fedora-devel-list
mailing list