* execmod permission
From: Clarkson, Mike R (US SSA) @ 2007-09-21 1:51 UTC
To: selinux
Can someone explain to me what this permission provides?
The explanation that I've seen is this: "Make executable a file mapping
that has been modified (implied by a copy-on-write)"
I don't know what that means. The audit log is suggesting that I need to
provide this permission for a shared library file.
Thanks
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: execmod permission
From: Ken YANG @ 2007-09-21 10:45 UTC
To: Clarkson, Mike R (US SSA); +Cc: selinux
Clarkson, Mike R (US SSA) wrote:
> Can someone explain to me what this permission provides?
>
> The explanation that I've seen is this: "Make executable a file mapping
> that has been modified (implied by a copy-on-write)"
>
> I don't know what that means. The audit log is suggesting that I need to
> provide this permission for a shared library file.
The execmod permission controls the ability to execute memory-mapped
files that *have been modified* in the process memory.
This permission check is useful in keeping shared libraries from being
modified within a process. Without it, if a memory mapped file is
modified, it will not be allowed to be executed by the process.
>
> Thanks
* Re: execmod permission
From: Stephen Smalley @ 2007-09-21 12:53 UTC
To: Clarkson, Mike R (US SSA); +Cc: selinux
On Thu, 2007-09-20 at 18:51 -0700, Clarkson, Mike R (US SSA) wrote:
> Can someone explain to me what this permission provides?
>
> The explanation that I've seen is this: "Make executable a file mapping
> that has been modified (implied by a copy-on-write)"
>
> I don't know what that means. The audit log is suggesting that I need to
> provide this permission for a shared library file.
http://people.redhat.com/drepper/selinux-mem.html
http://people.redhat.com/drepper/textrelocs.html
http://docs.fedoraproject.org/selinux-faq-fc5/#faq-entry-unconfined_t
--
Stephen Smalley
National Security Agency
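
The sequence that the execmod check covers, as an added example that is not part of the original thread: a private file mapping is written to, which gives the process a copy-on-write page, and is then made executable with mprotect(). The scratch file path, function name and outcome codes are assumptions for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcome codes (hypothetical names for this example). */
enum { SEQ_SETUP_FAILED = -1, SEQ_ALLOWED = 0, SEQ_DENIED = 1 };

/*
 * Map a file, modify the mapping, then ask for it to become executable.
 * Step 3 is the operation SELinux checks against the execmod permission
 * on the mapped file. Nothing in the mapping is ever executed.
 */
int try_execmod_sequence(int *saved_errno)
{
    char path[] = "/tmp/execmod-demo-XXXXXX";  /* constructed scratch file */
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path);
    if (fd < 0) return SEQ_SETUP_FAILED;
    unlink(path);                               /* file lives only via fd */
    if (ftruncate(fd, (off_t)page) != 0) { close(fd); return SEQ_SETUP_FAILED; }

    /* 1. Private file mapping, writable, not executable. */
    unsigned char *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE, fd, 0);
    close(fd);
    if (p == MAP_FAILED) return SEQ_SETUP_FAILED;

    /* 2. Modify it: the kernel hands the process a private COW copy. */
    p[0] ^= 0xff;

    /* 3. Make the modified file mapping executable. */
    int rc = mprotect(p, page, PROT_READ | PROT_EXEC);
    *saved_errno = (rc != 0) ? errno : 0;
    munmap(p, page);
    return (rc == 0) ? SEQ_ALLOWED : SEQ_DENIED;
}

int main(void)
{
    int err = 0;
    int r = try_execmod_sequence(&err);
    if (r == SEQ_SETUP_FAILED) { perror("setup"); return EXIT_FAILURE; }
    printf("mprotect(PROT_EXEC) on modified file mapping: %s\n",
           r == SEQ_ALLOWED ? "allowed" : strerror(err));
    return EXIT_SUCCESS;
}
```

On an enforcing SELinux system where the domain lacks execmod for the file's type, step 3 is expected to fail with EACCES and produce the kind of AVC denial mentioned in the question; other controls, such as a noexec mount, can also refuse it.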