Interesting reading on exec* access checks.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

http://people.redhat.com/drepper/selinux-mem.html
We are planning on turning off allow_execmem, allow_execmod, allow_execheap for unconfined_t in targeted policy. We are working to clean up any problems this might cause. This will add additional security features to Userspace, but might cause headaches. 

If you have the latest policy installed on Rawhide

selinux-policy-targeted-2.1.0-3 or later you can try it out by running

setsebool -P allow_execmem=0 allow_execmod=0 allow_execheap=0

You might need to relabel /usr/lib and /lib.

Any help would be appreciated.  :^)

--


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux