From: "Robert P. J. Day" <rpjday@crashcourse.ca>
To: openembedded-devel@lists.openembedded.org
Subject: Re: xterm: either fix it, or remove it. please.
Date: Thu, 12 Nov 2009 23:38:01 -0500 (EST)
Message-ID: <alpine.LFD.2.00.0911122330370.24167@localhost>
In-Reply-To: <4AFC854D.8040302@balister.org>

On Thu, 12 Nov 2009, Philip Balister wrote:
> On 11/12/2009 04:42 PM, GNUtoo wrote:
> > > Is it practical? I think the answer is no. In my experience,
> > > tools like selinux have a tendency to require inordinate amounts
> > > of administrative burden that just isn't practical in a
> > > development environment. I think requiring that selinux be
> > > disabled on build hosts is a reasonable requirement, and will
> > > avoid wasting a lot of cycles that should be spent on OE, and
> > > not on administration (or sending lots of emails).
> > What about supporting only the unconfined user selinux
> > type (unconfined_u), in targeted mode?
>
> I'm running default Selinux on F11, I don't think we can just say OE
> must have SELinux turned off.

at the very least, selinux needs to be configured to allow
/proc/sys/vm/mmap_min_addr = 0. here's the corresponding selinux
diagnostic you get because of that:

Summary:

SELinux is preventing
/home/rpjday/oe/angstrom-dev/staging/x86_64-linux/usr/bin/qemu-arm
"mmap_zero" access on <Unknown>.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by qemu-arm. The current boolean
settings do not allow this access. If you have not setup qemu-arm to
require this access this may signal an intrusion attempt. If you do
intend this access you need to change the booleans on this system to
allow the access.

Allowing Access:

Confined processes can be configured to run requiring different
access, SELinux provides booleans to allow you to turn on/off access
as needed. The boolean mmap_low_allowed is set incorrectly. Boolean
Description: Allow certain domains to map low memory in the kernel

Fix Command:

# setsebool -P mmap_low_allowed 1

rday

--
========================================================================
Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Kernel Pedantry.
Web page: http://crashcourse.ca
Twitter: http://twitter.com/rpjday
========================================================================
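
An added example, not part of the original message: before turning on mmap_low_allowed for the whole build host, the audit log can be summarised to see which programs and SELinux domains actually trigger the mmap_zero denial quoted above. The audit records below, including the legacy-emu and example_t names, are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the kernel AVC audit format (not from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1258087081.101:311): avc:  denied  { mmap_zero } for  pid=4120 comm="qemu-arm" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=memprotect
type=AVC msg=audit(1258087081.250:312): avc:  denied  { read } for  pid=4130 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1258087095.007:340): avc:  denied  { mmap_zero } for  pid=4188 comm="qemu-arm" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=memprotect
type=AVC msg=audit(1258087099.500:352): avc:  denied  { mmap_zero } for  pid=4301 comm="legacy-emu" scontext=unconfined_u:unconfined_r:example_t:s0 tcontext=unconfined_u:unconfined_r:example_t:s0 tclass=memprotect
"""

# Fields of interest in an AVC denial: permission set, pid, comm, source context, class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+pid=(?P<pid>\d+)\s+'
    r'comm="(?P<comm>[^"]*)".*?scontext=(?P<scontext>\S+).*?tclass=(?P<tclass>\S+)'
)


def mmap_zero_denials(log_text):
    """Count mmap_zero denials per (command name, source SELinux domain)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        perms = m.group("perms").split()
        # mmap_zero is a permission of the memprotect class; skip everything else.
        if m.group("tclass") != "memprotect" or "mmap_zero" not in perms:
            continue
        domain = m.group("scontext").split(":")[2]  # user:role:type[:level]
        counts[(m.group("comm"), domain)] += 1
    return counts


def report(counts):
    """Format one line per offender, most frequent first."""
    return [f"{n:3d}  {comm}  ({domain})" for (comm, domain), n in counts.most_common()]


if __name__ == "__main__":
    for row in report(mmap_zero_denials(SAMPLE_AUDIT_LOG)):
        print(row)
```

If qemu-arm from the OE staging directory is the only entry, the boolean change is being made for that one tool; any other entry is a program that would also gain low-memory mapping once the boolean is set.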