Re: execstack fun

On 11/25/2009 06:00 AM, Braden McDaniel wrote:
> I develop software on Fedora.  Since upgrading to Fedora 12, I now trip
> over this when my program tries to dlopen libjvm.so: 
> 
>         SELinux is preventing /var/user/braden/openvrml-dbg/examples/.libs/lt-sdl-viewer
>         from making the program stack executable.
> 
> Changing the context of the executable each time it's built isn't
> especially practical; and disabling this check for everything on the
> system isn't especially desirable.  Is there a better way to manage
> this?
> 
> 
I was planning to bring this up for discussion.  I could write a rule that says

unconfined_t->user_home_t->unconfined_execmem_t
unconfined_t->user_tmp_t->unconfined_execmem_t


Which would mean that any executables executed from the home dir would execute in execmem_t since we do not know if they are java/mono/or some other lang that requires execmem/execstack.

This would allow us to stop all executables that are installed on the system to require correct labeling.


What do you think?

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
