On Wed, 2011-06-29 at 13:05 -0400, Genes MailLists wrote: > # semanage fcontext -a -t textrel_shlib_t '/opt/google/chrome/chrome' > # restorecon -v '/opt/google/chrome/chrome' If it really needs it then I would probably go with the above. Is it reasonable? No: http://www.akkadia.org/drepper/textrelocs.html Quote: "There is usually no reason to not fix the problems. While a programs with text relocations can be made to run by relaxing the SELinux security this is a bad idea. The kind of permissions which have to be granted to the program create a gaping hole in the security policy. Attackers will be able to modify the memory as well. If this is not the case a program can enforce a strict W^X policy. I.e., no memory page is writable and executable at the same time. And more: SElinux can also enforce that no writable page can be marked as read/exec-only. With these provisions an attacker has no room where to place his/her exploit code. This is a huge win. So, always fix all text relocations. We've made it as easy as possible."
Attachment:
signature.asc
Description: This is a digitally signed message part
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
