Re: SELinux and execheap
Andrea Musuruane wrote:
Hi all,
As you main know, I maintain e-uae in RPM Fusion. Unluckily it
requires an executable heap and SELinux complains about this.
Therefore I try to tell SELinux that this program is OK to require an
executable heap and not to worry about. I read that changing the
context of the executable to unconfined_execmem_exec_t should be
enough.
This is the scriptlet I tried to make, but it doesn't work.
%post
[...]
semanage fcontext -a -t unconfined_execmem_exec_t %{_bindir}/uae
> /dev/null 2>&1 || :
restorecon -R %{_bindir}/uae
%postun
[...]
if [ "$1" -eq "0" ]; then
semanage fcontext -d -t unconfined_execmem_exec_t %{_bindir}/uae
> /dev/null 2>&1 || :
fi
Any idea what is wrong?
No,
But can you try the following:
ls -Z /usr/bin/uae
And if that does not show unconfined_execmem_exec_t, then the scriptlets are
not working for some reason.
If the scriptlets are not working you can try a manual chcon like this:
chcon -t unconfined_execmem_exec_t /usr/bin/uae
And then run uae with selinux enforcing, then we can see if setting the type to
unconfined_execmem_exec_t atleast fixes things? Maybe uae is just a wrapper
which startsup another binary, then the type of that binary needs changing too.
Regards,
Hans