Untrusted content domain
Ivan Gyurdiev
ivg2 at cornell.edu
Wed May 11 17:49:24 UTC 2005
(sorry for resend - incorrect recipient)

On Wed, 2005-05-11 at 18:25 +0100, Mike Hearn wrote:
> On Wed, 2005-05-11 at 12:56 -0400, Ivan Gyurdiev wrote:
> > However, they are not marked as such - Daniel, perhaps
> > /usr(/local)?/lib/wine/.*\.so -- textrel_shlib_t
> > should be added?
>
> That is a bit hacky. I personally install Wine to /opt/wine and
> Crossover can go anywhere. I think it'd be better to adjust the Wine
> build system to label them correctly.

That's not how SELinux works right now - labeling decisions
are centralized in the policy. I'm not sure why it's done that way -
perhaps it's because the policy sources are also centralized.
(cc-ed Stephen Smalley - maybe he can explain)

If you label wine in the build system, and later I run restorecon, which
brings the system permissions in sync with what the file_contexts file
says, it will restore the permissions back to what the policy thinks
they should be.

> > On the other hand, if wine doesn't need text relocations, it
> > would be better if it was compiled without them.
>
> I have no idea why they're there, like I said, there's no documentation
> I could find on what causes the toolchain to produce them. How do you go
> about getting rid of them? They're compiled with -fPIC already.

Not sure about that - my guesses run out with fPIC...

--
Ivan Gyurdiev <ivg2 at cornell.edu>
Cornell University
More information about the fedora-selinux-list
mailing list