On Tue, 2009-11-03 at 21:31 +0000, Mike Cloaked wrote: > For people running wine or Crossover and using MS Office 2003 and related codes > it is necessary to do: > # setsebool -P allow_unconfined_mmap_low 1 > To prevent AVC denials. > > However there is recent publicity at > http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ > which highlights that there is still a vulnerability in the kernel if this is > set. > > For people running f11 with this boolean set how can one run wine and still > remain secure? i.e. what should an admin do to protect the system? You can't. If I'm being slightly less flip: run wine in a kvm instance with selinux disabled, forward X to the host. - ajax
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
