On Thu, 2005-01-13 at 01:24, Tom London wrote:
> Uhhh..I came home, put libjavaplugin_oji.so back into /usr/mozilla/plugins
> (I had moved it into /usr/mozilla), and rebooted with audit=1 as your
> suggested.
>
> I know this is going to sound crazy, but it no longer fails as before.
> I'm running selinux-policy-strict-1.20.1-3 now (was running earlier
> policy when I filed the report).
>
> I see that mozilla_macros.te has
> allow $1_mozilla_t self:process { execmem setrlimit setsched };
>
> Could this have 'fixed' this?
I'm concerned about the execmod denial on ld.so, not the execmem
denials. I think Dan added both to the policy, but we need to remove
the execmod rule and debug this further, because it seems wrong.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
