Daniel J Walsh <dwalsh <at> redhat.com> writes: > The name has changed between RHEL5 - allow_unconfined_mmap_low and F12 - mmap_low_allowed > > The meaning has also changed > > in RHEL5 > > unconfined domains are allowed to mmap_low if the boolean is set. vbetool > and wine are allowed whether or > not the boolean is set. > > In F12 > No domains are allowed to mmap_low unless the boolean is set. If it is > set wine, vbetool and unconfined > domains are allowed to mmap_zero. > > One of you is running wine in RHEL5 which is allowed to mmap_zero without > the boolean. We changed this in F12 > so that wine will break without the boolean set. There is an interesting thing I just found - in F11 without the bool set I can run MS Word 2003 in Crossover (i.e. effectively wine) and open a .doc file without any AVC popping up. However from a webmail interface opened in Firefox, and clicking on a .doc attachment, trying to open it via an association link to Word 2003 in Crossover immediately gives an AVC denial for wine-preloader and suggests allowing the bool! However the file does seem to open nevertheless!! -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
