On Wed, 2006-01-11 at 13:56 -0600, Jason Dravet wrote: > When execstack was turned off on December 9 and execmem and execmod were > turned off on December 10 several programs broke and I opened bugzilla > issues for them. Now one of the programmers has contacted me about this, > but now the program works. I am pretty sure the program was not fixed (I > have not updated it) as suggested by > http://people.redhat.com/drepper/selinux-mem.html. I think the selinux > policy changed and allows the exec* access again. How can I turn off this > access so the program can be fixed properly? > > I tried the following command: setsebool -P allow_execmem=0 allow_execmod=0 > allow_execheap=0 > and this is what I got: > libsemanage.dbase_llist_set: record not found in the database > libsemanage.dbase_llist_set: could not set record value > Could not change policy booleans > > I am running selinux-policy-targeted-2.1.8-3 and selinux-policy-2.1.8-3 in > enforcing mode on Fedora rawhide. Hmm...that error message needs to be more informative - only one of those booleans is undefined (allow_execheap - there is no boolean for it). -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
