When execstack was turned off on December 9 and execmem and execmod were
turned off on December 10 several programs broke and I opened bugzilla
issues for them. Now one of the programmers has contacted me about this,
but now the program works. I am pretty sure the program was not fixed (I
have not updated it) as suggested by
http://people.redhat.com/drepper/selinux-mem.html. I think the selinux
policy changed and allows the exec* access again. How can I turn off this
access so the program can be fixed properly?
I tried the following command: setsebool -P allow_execmem=0 allow_execmod=0
allow_execheap=0
and this is what I got:
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change policy booleans
I am running selinux-policy-targeted-2.1.8-3 and selinux-policy-2.1.8-3 in
enforcing mode on Fedora rawhide.
Thanks,
Jason
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
