On 11/03/2009 04:35 PM, Adam Jackson wrote: > On Tue, 2009-11-03 at 21:31 +0000, Mike Cloaked wrote: >> For people running wine or Crossover and using MS Office 2003 and related codes >> it is necessary to do: >> # setsebool -P allow_unconfined_mmap_low 1 >> To prevent AVC denials. >> >> However there is recent publicity at >> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ >> which highlights that there is still a vulnerability in the kernel if this is >> set. >> >> For people running f11 with this boolean set how can one run wine and still >> remain secure? i.e. what should an admin do to protect the system? > > You can't. > > If I'm being slightly less flip: run wine in a kvm instance with selinux > disabled, forward X to the host. > > - ajax > You can run with SELinux in enforcement. mmap_low_allowed is the name of the boolean moving forward. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
