Question about "exec-shield"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

 

I’ve a question about “exec-shield”, pratically, in some servers SELinux it’s Disabled, but I see that “exec-shield” is enabled:

 

******************************************

[root@app12trnr TSCM]# sysctl -a|grep -i exec

kernel.exec-shield = 1

[root@app12trnr TSCM]# sestatus

SELinux status:                 disabled

******************************************

 

-          Now, the question is: also if SELinux is Disabled, the exec-shield works normally? And if the answer is “yes”, with wich criteria the exec-shield block an application to write on memory?

-          Because I think that only SELinux can manage “exec-shield” for decide with wich criteria can block something to write on memory. Because I saw that there is “process object class” with some permissions that specify proper “execheap, execstack, and go on”  for manage “allow/deny”.

 

I hope I was clear with the question.

Thanks in advance,

 

Maurizio Pagani

 

 

 

 

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux