Paul Howarth wrote:
OK, what I've got now is as follows:
...
(yesterday's mock policy module snipped)
...
I've rewritten the mock policy now because I came across another problem
with it: trying to run mono under mock to build mono apps failed with
execheap violations. This couldn't be fixed as simply as the execmod
issues with old libraries, so I've ended up having mock run in its own
domain, mock_t (much like mono would normally run in mono_t) and having
mock_t able to do execheap and execmem, as per the current policy for
mono_t.
Full details for anyone that's interested here:
http://www.city-fan.org/tips/PaulHowarth/Blog/2006-04-20
I'll give this a few days whilst I see if any more issues crop up, and
then I'll update the fedoraproject wiki with the details. Or it might
eventually be an idea to include it in Core policy.
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
