Re: execmem_exec_t, unconfined.te and nsplugin

Joe Nall wrote:
> libsepol.print_missing_requirements: nsplugin's global requirements were
> not met: type/attribute execmem_exec_t
> /usr/bin/semodule_link:  Error while linking packages
> make[1]: *** [validate] Error 1
> make[1]: Leaving directory
> `/home/joe/src2/Linux_x86_64/BUILD/rpmbuild/BUILD/serefpolicy-3.5.13'
> error: Bad exit status from /var/tmp/rpm-tmp.XoIIV1 (%install)
> 
> I'm trying to build an mls policy with nsplugin defined as a module in
> modules-mls.conf. nsplugin depends on execmem_exec_t which is defined in
> unconfined.te which is _not_ a module in modules-mls.conf, creating the
> error above.
> 
> Is there a better place to declare execmem_exec_t (userdomain.te?).
> 
> joe
> 
Yes, I think we should create a new app execmem.te and move stuff there.

Java, Mono, and other apps fall into this category of applications
that users execute that require execmem, execstack privs.

What we really need is

USERTYPE_t executes execmem_exec_t gets USERTYPE_EXECMEM_T ==
(USERTYPE_T + execmem and execstack)


Currently execmem_exec_t is just a rename of unconfined_execmem_exec_t
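
The link failure discussed in this thread can be caught before `semodule_link` runs by comparing the types each enabled module requires against the types that enabled modules declare. The following is an added example, not part of the original messages or of the reference policy build. Assumptions: the module sources and the modules-mls.conf excerpt are constructed miniatures, requirements are written as `gen_require` blocks, and only `type` statements are checked.

```python
import re

# Constructed miniature sources mirroring the thread; real .te files are larger.
SOURCES = {
    "unconfined": "policy_module(unconfined, 1.0)\ntype unconfined_t;\ntype execmem_exec_t;\n",
    "nsplugin": (
        "policy_module(nsplugin, 1.0)\n"
        "gen_require(`\n\ttype execmem_exec_t;\n')\n"
        "type nsplugin_t;\ntype nsplugin_exec_t;\n"
    ),
}
# Constructed modules-mls.conf excerpt: nsplugin is built, unconfined is not.
MODULES_CONF = "nsplugin = module\nunconfined = off\n"

REQUIRE_BLOCK = re.compile(r"gen_require\(`(.*?)'\)", re.S)
TYPE_STMT = re.compile(r"^\s*type\s+(\w+)", re.M)

def enabled_modules(conf_text):
    """Names set to 'base' or 'module' in a modules-*.conf file."""
    enabled = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        if "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if value in ("base", "module"):
                enabled.add(name)
    return enabled

def split_types(te_text):
    """Return (declared, required) type names for one .te source."""
    required = set()
    for block in REQUIRE_BLOCK.findall(te_text):
        required.update(TYPE_STMT.findall(block))
    # Anything outside a gen_require block is a declaration.
    declared = set(TYPE_STMT.findall(REQUIRE_BLOCK.sub("", te_text)))
    return declared, required

def unmet_requirements(sources, conf_text):
    """Map each enabled module to required types no enabled module declares."""
    enabled = enabled_modules(conf_text) & sources.keys()
    parsed = {name: split_types(sources[name]) for name in enabled}
    declared = set().union(*(d for d, _ in parsed.values()))
    return {name: sorted(req - declared)
            for name, (_, req) in parsed.items() if req - declared}

if __name__ == "__main__":
    print(unmet_requirements(SOURCES, MODULES_CONF))
```
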
