Re: selinux and legacy "compat" application in FC5

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: selinux and legacy "compat" application in FC5
From: Paul Howarth <paul@xxxxxxxxxxxx>
Date: Tue, 28 Mar 2006 10:40:34 +0100
In-reply-to: <44290329.1020402@xxxxxxxxxxxxxxxxx>
References: <200603280020.11103.jonesc@xxxxxxxxxxxxxxxxx> <e09tde$9kd$1@xxxxxxxxxxxxx> <44290329.1020402@xxxxxxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Thunderbird 1.5 (X11/20060313)

Chris Jones wrote:


Look into the setsebool command and the allow_execheap boolean.


Thanks. That was the hint I needed. In the end I need to issue

 > setsebool allow_execheap=true allow_execmod=true

Before I make this change permanent, what the the security implicationsof this ?


One less layer of defence.

There's more on FC5 SELinux memory protection here:
http://people.redhat.com/drepper/selinux-mem.html

Paul.

Follow-Ups:
- Re: selinux and legacy "compat" application in FC5
  - From: Chris Jones

References:
- selinux and legacy "compat" application in FC5
  - From: Chris Jones
- Re: selinux and legacy "compat" application in FC5
  - From: Ian Pilcher
- Re: selinux and legacy "compat" application in FC5
  - From: Chris Jones