Dominick Grift: > JIT indeed is know to atleast "execmem", but i am not sure if the same > applies to "execstack" It appears not. My inital guesses about execstack seems to have been wrong. But for some reason, enabling alllow_execstack ALSO makes the help browser work. > I think that help-browser needs to be labelled execmem_exec_t, see if > that works for you. It does. > If it does then consider reporting it to selinux-policy Done: https://bugzilla.redhat.com/show_bug.cgi?id=668162 > 4. i think JIT compilers generally need execmem, and that this from that > perspective is not a bug. Understood. I guess any using webkitgtk could need it then. But there isn't any way to enable it for all using the library, but just inside the library, is there? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
