Adding two new booleans to httpd to tighten it's security.

Nicolas Mailhot nicolas.mailhot at laposte.net
Sat Dec 10 21:50:57 UTC 2005


On Sam 10 décembre 2005 22:44, Ulrich Drepper wrote:
> Nicolas Mailhot wrote:
>> Rawhide killed evo a week ago (#174931)
>> It killed thunderbird today
>> I'm running out of imap clients.
>
> Just add appropriate security labels.
>
> for f in /usr/lib/thunderbird-1.5/*.so /usr/lib/thunderbird-1.5/*/*.so;
> do if readelf -d $f | fgrep -q TEXTREL; then chcon
> system_u:object_r:texrel_shlib_t $f; fi; done
>
>
> (One long line.)  Repeat for other directories.
>
> This specific problem is a gcc bug.

Ok, thanks.

I won't do it because workarounding like this is a slippery slope ending
with selinux=false. I try to keep my system in line with current rawhide
so it stays a valid test system (even if sometimes it's a difficult
position to keep)

But thank you for the information.

-- 
Nicolas Mailhot




More information about the fedora-selinux-list mailing list