Is there a simple way to allow execmem for a single binary?

Daniel J Walsh dwalsh at redhat.com
Wed Jun 27 11:26:53 UTC 2007


Bruno Wolff III wrote:
> I have a propietary app (iHEAT) that is getting execmem denials. I would
> prefer to allow just this one app to be able to do that rather than disabling
> the check for everything. I am using the targeted policy in Fedora 7.
> I saw there was a context type unconfined_execmem, but that doesn't seem
> to permit execution.
>
> Is there some context I can use or perhaps I need to relabel a library and
> not the executable?
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>   
You could always fix your app.  :^)


chcon -t unconfined_execmem_exec_t YOURBADAPP




More information about the fedora-selinux-list mailing list