Jerry James wrote:
> On Mon, Nov 24, 2008 at 8:14 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> Ok, is the GCL package available in Fedora?  This probably should be
>> opened as a bugzilla.  If gcl really needs execheap, we need to create a
>> new policy for it, since execmem_exec_t apps currently do not get this
>> and I really don't want to give them this.  I guess I would like to hear
>> Ulrich Drepper chime in on this need.
>
> The GCL package has been in Fedora since 2005, but has not built
> successfully for months.  I recently took over as maintainer and am
> trying to get it into a buildable state again.  I've fixed the other
> problems; this seems to be the final blocker.
>
> If I make the saved images have type execmem_exec_t, then the build
> produces the "early" image successfully.  When that image runs and
> tries to load up a bunch of Lisp files to produce the final image,
> SELinux kills it with an AVC denial that mentions execheap.  I
> mentioned on fedora-devel-list that making the saved images have type
> java_exec_t produces a successful build.  If you can tell me how to
> test with exactly execmem + execheap privileges, then I can make sure
> there is nothing else in the java_exec_t set that GCL needs.
> Otherwise, we may have to go through multiple iterations of "no wait,
> GCL needs one more permission".
>
> Do I need to audit the source code to discover the reason for the
> execheap need?  I can guess; it's probably (eval form) that needs it,
> but I don't know that for sure.
>
> Say the word and I'll make a bugzilla entry for this.  Thanks for your help.

Yes, please open a bugzilla.  We can make a duplicate policy for GCL to
java, with execheap.  But we need to track this via bugzilla.
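The "multiple iterations of 'GCL needs one more permission'" problem raised in the quoted message can be reduced by grouping every AVC denial from one run by source type, target type and class. The sketch below is an added example, not part of the original message or of any Fedora policy tooling. The log lines, the `example_t` and `other_t` types and the `saved_gcl` command name are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed audit records for illustration; types, pids and comm are placeholders.
SAMPLE_LOG = """\
type=AVC msg=audit(1227542040.101:301): avc:  denied  { execmem } for  pid=4101 comm="saved_gcl" scontext=user_u:system_r:example_t:s0 tcontext=user_u:system_r:example_t:s0 tclass=process
type=AVC msg=audit(1227542041.202:302): avc:  denied  { execheap } for  pid=4101 comm="saved_gcl" scontext=user_u:system_r:example_t:s0 tcontext=user_u:system_r:example_t:s0 tclass=process
type=SYSCALL msg=audit(1227542041.202:302): arch=40000003 syscall=125 success=no exit=-13 comm="saved_gcl"
type=AVC msg=audit(1227542042.303:303): avc:  denied  { read write } for  pid=4102 comm="other" name="x" scontext=user_u:system_r:other_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1227542043.404:304): avc:  denied  { execheap } for  pid=4103 comm="saved_gcl"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def type_of(context):
    """Return the type field of a user:role:type[:range] security context."""
    return context.split(":")[2]


def denied_permissions(log_text, comm=None):
    """Map (source type, target type, class) to the set of denied permissions."""
    needed = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL records and other non-denial lines
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        if comm is not None and fields.get("comm") != comm:
            continue
        try:
            key = (type_of(fields["scontext"]), type_of(fields["tcontext"]),
                   fields["tclass"])
        except (KeyError, IndexError):
            continue  # truncated record without full contexts
        needed[key].update(m.group("perms").split())
    return dict(needed)


def as_allow_rules(needed):
    """Render the grouped denials in allow-rule syntax for review."""
    rules = []
    for (src, tgt, cls), perms in sorted(needed.items()):
        target = "self" if src == tgt else tgt
        rules.append(f"allow {src} {target}:{cls} {{ {' '.join(sorted(perms))} }};")
    return rules


if __name__ == "__main__":
    print("\n".join(as_allow_rules(denied_permissions(SAMPLE_LOG, comm="saved_gcl"))))
```

Records collected in permissive mode give the fullest picture, since an enforcing run typically fails at the first denial. The rendered rules are a review aid for deciding what a dedicated GCL policy would have to grant, not something to load unread.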