On Fri, 2007-08-03 at 08:50 -0400, Jesse Keating wrote:
> On Fri, 03 Aug 2007 08:34:53 -0400
> Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> > Is the ppc selinux problem a recurrence of the execmem denials due to
> > broken compiler toolchain? Is there a bug report on it?
> > If you just dropped linux-2.6-selinux-mprotect-checks.patch from the
> > Fedora kernel would it allow you to leave selinux enabled on ppc?
>
> It's due to using wrong compiler flags for ppc32 binaries resulting in
> every binary wanting execmem. Selinux obviously denies this. I'm not
> sure if there is a bug # yet, I've asked jakub to keep me informed when
> there is one so that we can track it for the mass rebuild that will be
> necessary.

Ok, but note that upstream, those checks are disabled for ppc32 entirely
because of this; only Fedora enables them in its ppc32 kernel (and only
because they fixed the toolchain and rebuilt earlier). So the other
option if a mass rebuild isn't feasible is to just disable those checks
in the ppc32 kernel (just drop the current patch from the Fedora kernel
and rebuild, reverting to upstream behavior).

--
Stephen Smalley
National Security Agency

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board