On Wed, 2009-11-25 at 07:26 -0500, Daniel J Walsh wrote:
> On 11/25/2009 06:00 AM, Braden McDaniel wrote:
> > I develop software on Fedora. Since upgrading to Fedora 12, I now trip
> > over this when my program tries to dlopen libjvm.so:
> > SELinux is preventing /var/user/braden/openvrml-dbg/examples/.libs/lt-sdl-viewer
> > from making the program stack executable.
> > Changing the context of the executable each time it's built isn't
> > especially practical; and disabling this check for everything on the
> > system isn't especially desirable. Is there a better way to manage
> > this?
> I was planning to bring this up for discussion. I could write a rule that says
> Which would mean that any executables executed from the home dir would execute in execmem_t since we do not know if they are java/mono/or some other lang that requiers execmem/execstack.
> This would allow us to stop all executables that are installed on the system to require correct labeling.
> What do you think?
Sounds reasonable. But mine is not an expert opinion.
Braden McDaniel <email@example.com>
fedora-selinux-list mailing list