Menu
▾
▴
Re: libffcall and selinux
|
From: Bruno H. <br...@cl...> - 2017-05-30 21:49:53
|
Hi Don, > > > However, getsebool also shows > > > selinuxuser_execstack --> on > > > > > > If you want to allow unconfined executables to make their stack > > > executable. This should never, ever be necessary. Probably indicates > > > a badly coded executable, but could indicate an attack. This > > > executable should be reported in bugzilla, you must turn on the > > > selinuxuser_execstack boolean. > > > setsebool -P selinuxuser_execstack 1 > > > > This looks like the one that may be related to libffcall. > > No, libffcall was triggering execheap. ... > I've not yet seen any execstack complaints. Oh, this is more complex than I thought. > So as far as I know so far, current clisp has no issues with selinux > on latest fedora. Yup. I keep this issue on my radar, but won't do something about it unless someone reports a real problem. Bruno |
