On Tue, 10 May 2005 21:34:36 -0400, Ivan Gyurdiev wrote: > By the way, since you're involved with Codeweavers - does all of wine > require text relocations? If so, it needs to be marked textrel_shlib_t. I'm not sure, I haven't examined the reasons we have text relocs in depth. Wines build system is complex, and I've not seen any documentation on what kind of things can trigger this. A hunch is maybe it's related to the embedded NT headers. > I should probably file a policy bug, because it doesn't work at all > under SELinux strict - I use wine quite a lot (games on Linux!), > and it's annoying that I have to turn SELinux off all the > time to make use of it. I was wondering about that :) I couldn't quite figure out whether the textrel thing was both targetted and strict or just strict: seems like it's just strict <phew> :) Marking libs as textrel_shlib_t should be done automatically by the patched install IMHO. We don't have any bugs filed on this in WineHQ/Codeweavers bugzilla so right now I guess not many people are trying to use strict on a desktop. But obviously if we can fix this easily then that'd be great. Actually I was talking to Jeremy (White) about this the other day. We'd be happy to kick in a free copy of Crossover for SELinux developers if they were interested in testing things with it. I saw that Steven Smalley is testing new restrictions like execstack with programs like Java, Mozilla, OpenOffice etc: getting Wine/Crossover (they're virtually the same) into that list would be great. It's a little tricky because I guess most SELinux developers are running strict, but most of our customers/users are running targetted (or not running SELinux at all), so there's not much commercial pressure to fix problems that only affect strict. Whereas for instance in execshield we had to put a lot of work into supporting it :( Still it'd be nice to know in advance about these things, especially if bits of strict are going to migrate to targetted at some point. thanks -mike -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
