selinux and legacy "compat" application in FC5

[Paul Howarth]

Chris Jones wrote:
> 
>>
>> Look into the setsebool command and the allow_execheap boolean.
>>
> 
> Thanks. That was the hint I needed. In the end I need to issue
> 
>  > setsebool allow_execheap=true allow_execmod=true
> 
> Before I make this change permanent, what the the security implications 
> of this ?

One less layer of defence.

There's more on FC5 SELinux memory protection here:
http://people.redhat.com/drepper/selinux-mem.html

Paul.