From: a.kuckartz@ping.de (Andreas Kuckartz)
Date: 19 Sep 2013 09:24:51 +0200
Subject: [refpolicy] Fwd: Debian unstable, SELinux and Iceweasel
In-Reply-To: <1379535027.16771.21.camel@d30>
References: <52384CD9.60604@ping.de> <5239AEFF.6000902@ping.de>
	<1379534082.16771.19.camel@d30> <1379535027.16771.21.camel@d30>
Message-ID: <523AA6C3.5000105@ping.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Dominick Grift:
>> you can allow the execmem issue with audit2allow
> 
> err .... there actually is probably a boolean that you can toggle to
> allow it:
> 
> allow_execmem
> allow_execstack
> 

This is suggested by audit2allow:

-----
#============= unconfined_t ==============
#!!!! This avc can be allowed using one of the these booleans:
#     allow_execstack, allow_execmem

allow unconfined_t self:process execmem;
-----

I really hesitate to accept this as a safe resolution of the issue.
Hopefully Mozilla will improve Firefox...

Cheers,
Andreas