execmem
Jason Dravet
dravet at hotmail.com
Wed Jan 11 19:56:52 UTC 2006
When execstack was turned off on December 9 and execmem and execmod were
turned off on December 10 several programs broke and I opened bugzilla
issues for them. Now one of the programmers has contacted me about this,
but now the program works. I am pretty sure the program was not fixed (I
have not updated it) as suggested by
http://people.redhat.com/drepper/selinux-mem.html. I think the selinux
policy changed and allows the exec* access again. How can I turn off this
access so the program can be fixed properly?
I tried the following command: setsebool -P allow_execmem=0 allow_execmod=0
allow_execheap=0
and this is what I got:
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change policy booleans
I am running selinux-policy-targeted-2.1.8-3 and selinux-policy-2.1.8-3 in
enforcing mode on Fedora rawhide.
Thanks,
Jason
More information about the fedora-selinux-list
mailing list