eparis wrote: > [...] > Now how to fix the problems you were seeing. If you run a modern > system with a GUI I'm willing to bet the pop-up window told you > exactly how to fix your problem. [...] > > 1) chcon -t unconfined_execmem_t /path/to/your/binary > 2) setsebool -P allow_execmem 1 > [...] > I believe there was a question about how JIT's work with SELinux > systems. They work mostly by method #1. Actually, that's a solution to a different problem. Here, it's not particular /path/to/your/binaries that want/need selinux provileges. It's a kernel-driven debugging facility that needs it temporarily for arbitrary processes. It's not like JITs, with known binary names. It's not like GDB, which simply overwrites existing instructions in the text segment. To make uprobes work fast (single-step-out-of-line), one needs one or emore temporary pages with unusual mapping permissions. - FChE -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxxx For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>