Adding two new booleans to httpd to tighten it's security.
Nicolas Mailhot
nicolas.mailhot at laposte.net
Sat Dec 10 21:50:57 UTC 2005
On Sam 10 décembre 2005 22:44, Ulrich Drepper wrote:
> Nicolas Mailhot wrote:
>> Rawhide killed evo a week ago (#174931)
>> It killed thunderbird today
>> I'm running out of imap clients.
>
> Just add appropriate security labels.
>
> for f in /usr/lib/thunderbird-1.5/*.so /usr/lib/thunderbird-1.5/*/*.so;
> do if readelf -d $f | fgrep -q TEXTREL; then chcon
> system_u:object_r:texrel_shlib_t $f; fi; done
>
>
> (One long line.) Repeat for other directories.
>
> This specific problem is a gcc bug.
Ok, thanks.
I won't do it because workarounding like this is a slippery slope ending
with selinux=false. I try to keep my system in line with current rawhide
so it stays a valid test system (even if sometimes it's a difficult
position to keep)
But thank you for the information.
--
Nicolas Mailhot
More information about the fedora-selinux-list
mailing list