On Wed, 2005-06-29 at 12:12 -0300, Mart�Marqu�wrote: > Shouldn't the update of selinux-policy-targeted force a kernel update to > -1.35_FC3? The problem with older kernels wasn't known at the time, and we still aren't sure what is causing the pervasive execmod problem in the older kernels. The SELinux code itself should be the same, so it seems to be a side effect of some kernel patch that changed between -1.27 and -1.35. Now, there will still be some execmod denials with -1.35 and the policy needs some changes to address those denials, but those are limited to actual cases where you have a text relocation (e.g. gpg, acroread, ...), not programs like /sbin/init. -- Stephen Smalley National Security Agency
