#738: ghc can't load files with selinux Enforcing
----------------------------------------+-----------------------------------
Reporter: [EMAIL PROTECTED] | Owner:
Type: feature request | Status: reopened
Priority: normal | Milestone: 6.8 branch
Component: Runtime System | Version: 6.6.1
Severity: normal | Resolution:
Keywords: selinux | Difficulty: Unknown
Testcase: | Architecture: x86
Os: Linux |
----------------------------------------+-----------------------------------
Comment (by guest):
From the program point of view there is commentry here about how to avoid
this by doing two separate mappings, one writeable and one executable.
http://people.redhat.com/drepper/selinux-mem.html
That supposedly increases security but looks a bit ugly to me but since I
guess it's only needed in one place it might not be too bad???
From the local operating system point of view, you have to change the
binary to have a context which allows executable memory. You can either
look on a fedora system where darcs works or you can find an appropriate
context with.
sesearch --allow --target execmem
and what we work out is that probably we want unconfined_execmem_exec_t so
the command
chcon -t unconfined_execmem_exec_t /usr/bin/darcs
fixes this problem. (experiment with doing "chcon -t bin_t
/usr/bin/darcs" to break it again)
Michael De La Rue; posting as guest till I have better working private
mail.
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/738#comment:12>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
Glasgow-haskell-bugs mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
