On Wed, 2005-05-11 at 18:25 +0100, Mike Hearn wrote: > On Wed, 2005-05-11 at 12:56 -0400, Ivan Gyurdiev wrote: > > However, they are not marked as such - Daniel, perhaps > > /usr(/local)?/lib/wine/.*\.so -- textrel_shlib_t > > should be added? > > That is a bit hacky. I personally install Wine to /opt/wine and > Crossover can go anywhere. I think it'd be better to adjust the Wine > build system to label them correctly. That's not how SELinux works right now - labeling decisions are centralized in the policy. I'm not sure why it's done that way - perhaps it's because the policy sources are also centralized. (cc-ed Stephen Smalley - maybe he can explain) If you label wine in the build system, and later I run restorecon, which brings the system permissions in sync with what the file_contexts file says, it will restore the permissions back to what the policy thinks they should be. > > On the other hand, if wine doesn't need text relocations, it > > would be better if it was compiled without them. > > I have no idea why they're there, like I said, there's no documentation > I could find on what causes the toolchain to produce them. How do you go > about getting rid of them? They're compiled with -fPIC already. Not sure about that - my guesses run out with fPIC... -- Ivan Gyurdiev <ivg2@xxxxxxxxxxx> Cornell University -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
