> Well, I used audit2allow and it said I needed: > > allow unconfined_t user_home_t:file execmod; > > So I added it to the Shared Library section > of /etc/selinux/targeted/src/policy/domains/unconfined.te > > And things seem to work. :) Is this correct? Correct ..hmm Well, you might have a case for targeted (being un-confined), but in strict this is definitely not ok. The proper solution is to compile the library without text relocations. If that is not possible, the library can be labeled texrel_shlib_t to workaround the problem. However, there's the issue that an unprivileged user, such as yourself, is not allowed to label things texrel_shlib_t. -- Ivan Gyurdiev <ivg2@xxxxxxxxxxx> Cornell University -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
