SELinux and execheap
Hans de Goede
j.w.r.degoede at hhs.nl
Wed Aug 27 12:04:33 CEST 2008
Andrea Musuruane wrote:
> Hi all,
> As you main know, I maintain e-uae in RPM Fusion. Unluckily it
> requires an executable heap and SELinux complains about this.
>
> Therefore I try to tell SELinux that this program is OK to require an
> executable heap and not to worry about. I read that changing the
> context of the executable to unconfined_execmem_exec_t should be
> enough.
>
> This is the scriptlet I tried to make, but it doesn't work.
>
> %post
> [...]
> semanage fcontext -a -t unconfined_execmem_exec_t %{_bindir}/uae
>> /dev/null 2>&1 || :
> restorecon -R %{_bindir}/uae
>
> %postun
> [...]
> if [ "$1" -eq "0" ]; then
> semanage fcontext -d -t unconfined_execmem_exec_t %{_bindir}/uae
>> /dev/null 2>&1 || :
> fi
>
> Any idea what is wrong?
No,
But can you try the following:
ls -Z /usr/bin/uae
And if that does not show unconfined_execmem_exec_t, then the scriptlets are
not working for some reason.
If the scriptlets are not working you can try a manual chcon like this:
chcon -t unconfined_execmem_exec_t /usr/bin/uae
And then run uae with selinux enforcing, then we can see if setting the type to
unconfined_execmem_exec_t atleast fixes things? Maybe uae is just a wrapper
which startsup another binary, then the type of that binary needs changing too.
Regards,
Hans
More information about the rpmfusion-developers
mailing list