-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Malcolm wrote: > On Thu, 2008-01-17 at 19:20 +0100, Till Maas wrote: >> On Thu January 17 2008, Olivier Galibert wrote: >> >>> Now that's a superb example of one of the things that suck with >>> selinux: put "allow_execmod" in google and try to find a page that >>> actually explain what it means. >> Here the 6th result is: >> http://www.livejournal.com/go.bml?journal=danwalsh&itemid=13376&dir=next >> And on that page is a link to: >> http://people.redhat.com/~drepper/selinux-mem.html >> >> What are you missing there? > > To be fair, are the policy types and booleans actually documented > somewhere? e.g. a set of manpages that could get autogenerated when the > policy package is built? Does the policy source language support some > kind of inline commenting that could be used doxygen-style to generate > docs (and check doc coverage)? Obviously, this would be aimed more at > the classic unix sysadmin rather than a desktop user > > > <tunable name="allow_execmem" dftval="false"> <desc> <p> Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") </p> </desc> </tunable> <tunable name="allow_execmod" dftval="false"> <desc> This is in policy and extracted out into /usr/share/selinux/devel/policy.xml But not currently in a man page. audit2why and setroubleshoot are starting to use these definitions in Fedora 9. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkePowoACgkQrlYvE4MpobMQ7gCgzo2UB2AGXEVFVvNjXIXIkhgJ sBAAoNcSNidCpD9R0IywUGX2BVAqb8Vh =ZLcT -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
