New Policy Doesn't Fix It
Stephen Smalley
sds at tycho.nsa.gov
Fri Jun 17 11:40:23 UTC 2005
On Fri, 2005-06-17 at 06:58 -0400, Daniel J Walsh wrote:
> Are you sure you have allow_execmod set?
>
> setsebool -P allow_execmod=1
Per the avc message, the file was labeled usr_t
(/opt/openoffice.org1.9.104/program/libicudata.so.26.0.1). So unless
you are allowing execmod to all file types (not a good idea), that
wouldn't help. It would need to be texrel_shlib_t (preferably) or at
least shlib_t (not sure what you allow in targeted policy).
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list