Adding two new booleans to httpd to tighten its security.

Ulrich Drepper drepper at redhat.com
Sat Dec 10 20:37:57 UTC 2005


Nicolas Mailhot wrote:
> avc:  denied  { execmem } for  pid=2950 comm="thunderbird-bin"
> scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
> tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process

If this really happens then this is a terrible bug in tbird.  It's 
nothing which should be patched with the policy.  By not adding the 
support to catch these problems early the code won't be fixed.

New rules are often added for a specific purpose: discover bugs in 
programs and stop existing threats.  It would be wrong to not attack 
these as soon as possible.

-- 
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖



