Re: selinux execmem and sigaltstack

Adam Goode wrote:
> Now Fedora 9 tightens the default selinux booleans and by default
> mprotect with PROT_EXEC will fail. I want to fix MLton upstream to work
> correctly. Should I special case systems that require PROT_EXEC? Or is
> there a more correct way to allocate memory for it?

No, just special-case the broken architectures.  People using such
machines should already know that they are playing with fire.


> Might this mean that sigaltstack() programs under SELinux on certain
> architectures must run in unconfined_u:object_r:unconfined_execmem_exec_t ?

If trampolines are regularly used, then you already have to special-case
the use of execstack for those archs and no other (hopefully).  In that
case just add execmem as well.

-- 
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
