Adding two new booleans to httpd to tighten it's security.
Tom London
selinux at gmail.com
Wed Dec 14 03:31:49 UTC 2005
Here is the response from vmware:
VMware generates lots of code on the fly, so flipping PROT_EXEC with
PROT_WRITE would not reasonably work. Especially not in the
multithreaded environment where it would continuously cause IPIs to be
send between processors, slowing down everything. If SELinux default
policy authors decided that they cannot trust applications, then I'm
afraid that you'll have to create special policy for VMware.
libgdk-x11's library from vmware's directory will be used only if
libraries on your host are found to be inadequate. Try
'VMWARE_USE_SHIPPED_GTK=no vmware' and it should tell you which
libraries are missing on your box. After you'll install them then
libgdk-x11 from /usr/lib should be used.
-------------------------------------------------------------
I haven't gotten the library test working yet.....
tom
--
Tom London
More information about the fedora-selinux-list
mailing list