Paul Howarth wrote:
> Daniel J Walsh wrote:
>> Olivier Galibert wrote:
>>> On Fri, Jan 18, 2008 at 08:30:44AM -0500, Daniel J Walsh wrote:
>>>> Olivier Galibert wrote:
>>>>> On Thu, Jan 17, 2008 at 01:48:42PM -0500, Daniel J Walsh wrote:
>>>>>> <tunable name="allow_execmem" dftval="false">
>>>>>> <desc>
>>>>>> <p>
>>>>>> Allow unconfined executables to map a memory region as both executable
>>>>>> and writable, this is dangerous and the executable should be reported in
>>>>>> bugzilla")
>>>>> That should be "to map a file in a memory region", as UD's page
>>>>> explains. Otherwise anyone who knows a little about dynamic
>>>>> recompilers/JITs is gonna go "huh?".
>>>>>
>>>>> OG.
>>>>>
>>>> Bad cut and paste. The one I pasted was for allow_execmem. Where the
>>>> definition is correct.
>>> You mean Ulrich's page is incorrect then? I indeed had noticed it was
>>> about execmem.
>>>
>>>
>>>> java/mono apps are not confined by this, since
>>>> they run under a different context.
>>> Java/Mono are not the only programs with dynamic code generators in
>>> them.
>>>
>>> OG.
>>>
>> The attached file is the file context of all files in Rawhide (Probably
>> F8) that are marked as allowing execmem/execstack.
>>
>> If you know of others, we need to update this list.
>
> Shouldn't this list also include things labelled as
> unconfined_notrans_exec_t such as mock and sysreport?
>
> Paul.
>
Yes. And prelink.