Paul Howarth wrote:
On Sat, 2006-08-12 at 01:43 +0530, Rahul wrote:
Louis Garcia II wrote:
Hi
I was expecting some comments on whether this feature works well in
Fedora Core 6 test 2 and the current development tree. Anyone tried it
out with the applets in the wild?
Rahul
When I visited a page with an applet it froze Firefox. I looked in the logs and saw this:
Aug 11 15:13:55 soncomputer kernel: audit(1155323634.469:38): avc: denied { execmem } for pid=3198 comm="gappletviewer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
What component does this fall under? Should it be selinux?
Yes. Please file a bug report against SELinux. GCJ applet viewer
probably should be fixed in the future to not require execmem
permissions but meanwhile the SELinux targeted policy can be modified to
allow this.
You can do setsebool -P allow_execmem=1 and see if you are able to
work around this for now.
Wouldn't it be better to do:
# chcon -t unconfined_execmem_exec_t /path/to/gappletviewer
Paul.
Yes. If you want to do it only on that application instead of disabling
the checks on every program, that's a better way to do it. However I am
not running the applet viewer or the test releases now so my earlier
instructions are simpler to follow.
Rahul
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
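
Added example, not part of the original thread: a small parser for kernel AVC lines like the one quoted above, which picks out execmem denials and reports the command and domain, so the per-binary relabel can be scoped to the right program instead of enabling the boolean for everything. The function names are hypothetical, and the second sample log line is constructed for contrast.

```python
import re

# Sample input: line 1 is the denial quoted in the thread; line 2 is constructed.
SAMPLE_LOG = """\
Aug 11 15:13:55 soncomputer kernel: audit(1155323634.469:38): avc: denied { execmem } for pid=3198 comm="gappletviewer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
Aug 11 15:14:02 soncomputer kernel: audit(1155323642.101:39): avc: denied { read write } for pid=3201 comm="exampled" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)"
    r"\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC line, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # key=value pairs after "for": pid, comm, scontext, tcontext, tclass, ...
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group("rest"))}
    rec.update(ts=float(m.group("ts")), serial=int(m.group("serial")),
               result=m.group("result"), perms=m.group("perms").split())
    return rec

def domain_of(context):
    # An SELinux context is user:role:type[:level]; the type is the domain.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def execmem_denials(log_text):
    """List denied execmem requests (tclass=process) found in log_text."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec["result"] != "denied":
            continue
        if rec.get("tclass") == "process" and "execmem" in rec["perms"]:
            hits.append({"comm": rec.get("comm"), "pid": rec.get("pid"),
                         "domain": domain_of(rec.get("scontext", "")),
                         # execmem is a process acting on itself: contexts match
                         "self": rec.get("scontext") == rec.get("tcontext")})
    return hits

if __name__ == "__main__":
    for hit in execmem_denials(SAMPLE_LOG):
        print(hit)
```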