On Wed, 2006-02-01 at 18:54 +0000, David Rye wrote: > Which on my limited understanding looks correct and I think means that > snmpd executes with a > custom policy indicated by the snmpd_exec_t bit. > > Does this mean that there is a bug in the policy for snmpd defined by > the rpm > selinux-policy-targeted-1.17.30-3.19 ? No, it means that libbeecrypt.so.6 is incorrectly marked by the toolchain as requiring an executable stack. This was corrected in FC4. Use execstack -c to clear the marking to avoid triggering an executable stack there so that you don't have to allow it in policy (which would expose you to risk). The /etc/selinux/config denials are just noise; libselinux always tries to open it from constructor, so any program that happens to link with it triggers attempts there, which are normally silenced in enforcing mode by dontaudit rules. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
