Stephen Smalley sds at
Fri May 13 11:35:04 UTC 2005

On Fri, 2005-05-13 at 04:46 -0400, Valdis.Kletnieks at wrote:
> That seemed to shut the vast majority of the whinging when I tried it
> with strict/permissive.  You might have to tag something with texrel_shlib_t
> as well.  I don't think there's any new policy needed, just file contexts
> to get the *.so's as shlib_t and the binaries as bin_t

texrel_shlib_t is needed for execmod permission (text relocation).  But
it would be better to eliminate the need for the text relocation in the
first place, as it creates a security risk.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list