So it seems that it is not necessary to be a clever hacker as spender to disable SELinux on a system (http://grsecurity.net/~spender/exploit.txt<http://grsecurity.net/%7Espender/exploit.txt>). Just follow the directions of the vendor. This one require to disable selinux for the proper function of one of its HA products, after years that the same vendor was critical with commercial product, o badly compiled open source for SELINUX execmem o textreloc issue, because they require the same.
http://marc.info/?l=selinux&m=125244025732144&w=2 James Morris first answer http://marc.info/?l=selinux&m=125245247920355&w=2 So articles like this are just marketing? http://magazine.redhat.com/2007/05/04/whats-new-in-selinux-for-red-hat-enterprise-linux-5/ Regards
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
