On Fri, 2005-01-28 at 11:38, Tom London wrote: > Running strict/enforcing, today's Rawhide. > > Noticed the avcs below in the log. > > I believe the java one may be from the sun JVM I have installed.... > xscreensaver and helixplayer ones are new. > > My understanding is that I need to set the boolean 'allow_execmod' to > allow this kind of thing (although nothing appears broken....) > > Do I have that correct? I think that the allow_execmod boolean only allows execmod permission to files labeled with the new texrel_shlib_t type. Or at least that is what it should do. Any existing occurrences of execmod permission in the policy should be changed to use texrel_shlib_t now that it is defined, and then any DSOs that require it should be relabeled to that type. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
