From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from astoria.ccjclearline.com ([64.235.106.9]) by linuxtogo.org with esmtp (Exim 4.69) (envelope-from ) id 1NUzDx-0003E1-Qf for openembedded-devel@lists.openembedded.org; Wed, 13 Jan 2010 10:09:12 +0100 Received: from cpe002129687b04-cm001225dbafb6.cpe.net.cable.rogers.com ([99.235.241.187] helo=crashcourse.ca) by astoria.ccjclearline.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1NUzBr-0005YW-RB for openembedded-devel@lists.openembedded.org; Wed, 13 Jan 2010 04:07:00 -0500 Date: Wed, 13 Jan 2010 04:06:14 -0500 (EST) From: "Robert P. J. Day" X-X-Sender: rpjday@localhost To: OpenEmbedded Development mailing list Message-ID: User-Agent: Alpine 2.00 (LFD 1167 2008-08-23) MIME-Version: 1.0 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - astoria.ccjclearline.com X-AntiAbuse: Original Domain - lists.openembedded.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - crashcourse.ca X-Source: X-Source-Args: X-Source-Dir: X-SA-Exim-Connect-IP: 64.235.106.9 X-SA-Exim-Mail-From: rpjday@crashcourse.ca X-SA-Exim-Version: 4.2.1 (built Wed, 25 Jun 2008 17:20:07 +0000) X-SA-Exim-Scanned: No (on linuxtogo.org); Unknown failure Subject: is there a summary of OE-related selinux issues? X-BeenThere: openembedded-devel@lists.openembedded.org X-Mailman-Version: 2.1.11 Precedence: list Reply-To: openembedded-devel@lists.openembedded.org List-Id: Using the OpenEmbedded metadata to build Distributions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2010 09:09:13 -0000 Content-Type: TEXT/PLAIN; charset=US-ASCII as a followup to my earlier post, the selinux issue related to mmap is already well known. but does this represent these selinux warnings i get on my f12 system? Summary: SELinux is preventing /home/rpjday/oe/angstrom-dev/staging/x86_64-linux/usr/bin/python from making the program stack executable. Detailed Description: [SELinux is in permissive mode. This access was not denied.] The python application attempted to make its stack executable. This is a potential security problem. This should never ever be necessary. Stack memory is not executable on most OSes these days and this will not change. ... snip ... is this the same issue? and is this related to running qemu-arm? it would be nice to have a concise summary of OE-related selinux gotchas somewhere, and how to deal with them. rday -- ======================================================================== Robert P. J. Day Waterloo, Ontario, CANADA Linux Consulting, Training and Kernel Pedantry. Web page: http://crashcourse.ca Twitter: http://twitter.com/rpjday ========================================================================