Re: SELinux removed from desktop cd spin?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Malcolm wrote:
> On Thu, 2008-01-17 at 19:20 +0100, Till Maas wrote:
>> On Thu January 17 2008, Olivier Galibert wrote:
>>
>>> Now that's a superb example of one of the things that suck with
>>> selinux: put "allow_execmod" in google and try to find a page that
>>> actually explain what it means.
>> Here the 6th result is:
>> http://www.livejournal.com/go.bml?journal=danwalsh&itemid=13376&dir=next
>> And on that page is a link to:
>> http://people.redhat.com/~drepper/selinux-mem.html
>>
>> What are you missing there?
>  
> To be fair, are the policy types and booleans actually documented
> somewhere?  e.g. a set of manpages that could get autogenerated when the
> policy package is built? Does the policy source language support some
> kind of inline commenting that could be used doxygen-style to generate
> docs (and check doc coverage)?   Obviously, this would be aimed more at
> the classic unix sysadmin rather than a desktop user
> 
> 
> 

<tunable name="allow_execmem" dftval="false">
<desc>
<p>
Allow unconfined executables to map a memory region as both executable
and writable, this is dangerous and the executable should be reported in
bugzilla")
</p>
</desc>
</tunable>
<tunable name="allow_execmod" dftval="false">
<desc>


This is in policy and extracted out into

/usr/share/selinux/devel/policy.xml

But not currently in a man page.

audit2why and setroubleshoot are starting to use these definitions in
Fedora 9.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkePowoACgkQrlYvE4MpobMQ7gCgzo2UB2AGXEVFVvNjXIXIkhgJ
sBAAoNcSNidCpD9R0IywUGX2BVAqb8Vh
=ZLcT
-----END PGP SIGNATURE-----

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux