On Sun, Dec 27, 2009 at 01:48:03PM +0100, Klaus Lichtenwalder wrote: > Hi, > > just checked to freshly installed Fedora 12 machines, and found > allow_execmem --> on > allow_execstack --> on > Is there a reason for this, as the comment in semanage strongly > discourages it? Or did I install a package that switches those booleans? By default SELinux is pretty permissive (much is allowed). However you can very much tighten the configuration. A few things to do: map all your Linux logins to confined SELinux users disable the unconfined module lock-down your booleans ...and much more... > > Klaus > > -- > ------------------------------------------------------------------------ > Klaus Lichtenwalder, Dipl. Inform., http://lklaus.homelinux.org/Klaus/ > PGP Key fingerprint: A5C0 F73A 2C83 96EE 766B 9C62 DB6D 1258 0E9B B6D1 > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Attachment:
pgpTSlFxsT1UU.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
