allow_exec{mem,stack} default to on?

Dominick Grift domg472 at gmail.com
Sun Dec 27 17:24:58 UTC 2009


On Sun, Dec 27, 2009 at 01:48:03PM +0100, Klaus Lichtenwalder wrote:
> Hi,
> 
> just checked two freshly installed Fedora 12 machines, and found
> 	allow_execmem --> on
> 	allow_execstack --> on
> Is there a reason for this, as the comment in semanage strongly
> discourages it? Or did I install a package that switches those booleans?

By default, SELinux is pretty permissive (much is allowed). However, you can very much tighten the configuration.

A few things to do:

- map all your Linux logins to confined SELinux users
- disable the unconfined module
- lock down your booleans
...and much more...
> 
> Klaus
> 
> -- 
> ------------------------------------------------------------------------ 
>  Klaus Lichtenwalder, Dipl. Inform.,  http://lklaus.homelinux.org/Klaus/
>  PGP Key fingerprint: A5C0 F73A 2C83 96EE 766B  9C62 DB6D 1258 0E9B B6D1
> 



> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
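
The three steps listed in the reply, sketched as an added example that is not part of the original thread: the script only prints a plan and changes nothing. The choice of `user_u` as the confined user, the `--live` switch, and the function and variable names are assumptions made for illustration; the sample input is constructed to match the state reported in the question.

```bash
#!/bin/bash
# Reads `getsebool -a`-style lines ("name --> on") on stdin and prints the
# setsebool commands that would turn off the executable-memory booleans.

# allow_execmem and allow_execstack come from the thread; allow_execheap and
# allow_execmod are the sibling booleans in the same policy generation.
EXEC_BOOLEANS="allow_execmem allow_execstack allow_execheap allow_execmod"

lockdown_plan() {
    while read -r name arrow state; do
        [ "$arrow" = "-->" ] || continue      # ignore anything that is not boolean output
        for b in $EXEC_BOOLEANS; do
            if [ "$name" = "$b" ] && [ "$state" = "on" ]; then
                echo "setsebool -P $name off"  # -P makes the change persistent
            fi
        done
    done
}

# Constructed sample, matching the two booleans reported as "on" in the question.
SAMPLE='allow_execheap --> off
allow_execmem --> on
allow_execmod --> off
allow_execstack --> on
httpd_enable_cgi --> on'

main() {
    echo "# 1. map default logins to a confined SELinux user (user_u is an assumed choice)"
    echo "semanage login -m -s user_u __default__"
    echo "# 2. disable the unconfined module"
    echo "semodule -d unconfined"
    echo "# 3. lock down the executable-memory booleans"
    if [ "$1" = "--live" ]; then
        getsebool -a | lockdown_plan          # read the running system's booleans
    else
        printf '%s\n' "$SAMPLE" | lockdown_plan
    fi
}

main "$@"
```

Review the printed plan before running any of it as root: applications that legitimately need executable memory will be denied once the booleans are off.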
