On Mon, Nov 9, 2009 at 2:40 PM, Mike Cloaked <mike.cloaked@xxxxxxxxx> wrote: > Eric Paris <eparis <at> redhat.com> writes: > >> > I have Crossover installed and not wine, and just checked: >> > [mike <at> home1 ~]$ cat /proc/sys/vm/mmap_min_addr >> > 65536 >> > >> > This is an f11 box. I also set the boolean by doing >> > # setsebool -P allow_unconfined_mmap_low 1 >> >> Bad news! For maximum protection would want that bool off. You do not >> want to ALLOW unconfined to mmap low memory. >> >> -Eric > > Many thanks Eric - I just tried unsetting the boolean - > # setsebool -P allow_unconfined_mmap_low 0 > > Excel and Word 2003 still run in Crossover after resetting it without AVCs > popping up - I will unset it in the other machines where I have this also - > I guess selinux policy may have changed so that setting it as I did originally > is no longer necessary. Really? For me there is no "allow_unconfined_mmap_low" at all and I'm definitely still getting the error with any Wine application with mmap_low_allowed set to 0. selinux-policy-3.6.32-41.fc12.noarch -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
