From: a.kuckartz@ping.de (Andreas Kuckartz) Date: 19 Sep 2013 09:24:51 +0200 Subject: [refpolicy] Fwd: Debian unstable, SELinux and Iceweasel In-Reply-To: <1379535027.16771.21.camel@d30> References: <52384CD9.60604@ping.de> <5239AEFF.6000902@ping.de> <1379534082.16771.19.camel@d30> <1379535027.16771.21.camel@d30> Message-ID: <523AA6C3.5000105@ping.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Dominick Grift: >> you can allow the execmem issue with audit2allow > > err .... there actually is probably a boolean that you can toggle to > allow it: > > allow_execmem > allow_execstack > This is suggested by audit2allow: ----- #============= unconfined_t ============== #!!!! This avc can be allowed using one of the these booleans: # allow_execstack, allow_execmem allow unconfined_t self:process execmem; ----- I really hesitate to accept this as a safe resolution of the issue. Hopefully Mozilla will improve Firefox... Cheers, Andreas