Hi there, I’ve a question about “exec-shield”, pratically, in some servers SELinux it’s Disabled, but I see that “exec-shield” is enabled: ****************************************** [root@app12trnr TSCM]# sysctl -a|grep -i exec kernel.exec-shield = 1 [root@app12trnr TSCM]# sestatus SELinux status: disabled ****************************************** - Now, the question is: also if SELinux is Disabled, the exec-shield works normally? And if the answer is “yes”, with wich criteria the exec-shield block an application to write on memory? - Because I think that only SELinux can manage “exec-shield” for decide with wich criteria can block something to write on memory. Because I saw that there is “process object class” with some permissions that specify proper “execheap, execstack, and go on” for manage “allow/deny”. I hope I was clear with the question. Thanks in advance, Maurizio Pagani |
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
