SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: Latest Ref Policy Diffs This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Christopher J. PeBenito <cpebenito_at_tresys.com> Date: Fri, 09 Dec 2005 09:21:48 -0500 On Thu, 2005-12-08 at 16:14 -0500, Daniel J Walsh wrote: > Major change in targeted policy is about to hit. Basically we are going > to turn off allow_execmod, allow_execmem, and allow_execstack by default > for unconfined_t programs. I just have a question about this hunk: > @@ -79,6 +75,8 @@ > > ifdef(`targeted_policy',` > unconfined_domain_template(xdm_t) > + allow xdm_t self:process execmem; > + unconfined_domtrans(xdm_t) > ',` > allow xdm_t xdm_lock_t:file create_file_perms; > files_create_lock(xdm_t,xdm_lock_t) Shouldn't the execmem be outside of the ifdef, since if it needs this, it will need it regardless of the policy type? -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Fri 9 Dec 2005 - 09:26:58 EST This message: [ Message body ] Next message: Daniel J Walsh: "Re: Latest Ref Policy Diffs" Previous message: Daniel J Walsh: "Interesting reading on exec* access checks." In reply to: Daniel J Walsh: "Latest Ref Policy Diffs" Next in thread: Daniel J Walsh: "Re: Latest Ref Policy Diffs" Reply: Daniel J Walsh: "Re: Latest Ref Policy Diffs" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom