danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Share Next Entry
Live from the Red Hat Summit
danwalsh
Once a year Red Hat takes a bunch of Engineers/Employees out of their cubes and invites its customers for a few days of technical exchange.  So I had to dig out my best shorts and a decent polo shirt and head to Tennessee.

There are two presentations on SELinux this week, under the security track.

The first on Wednesday Morning 11:30 will be given by Chris Runge,  SELinux Executive Overview.

The second talk will be given by me on Assurance: SELinux for administrators with Red Hat Enterprise Linux 4.  This is a two how introduction, I wanted to be called SELinux for Dummies, but since no "Dummies" would show up at the Red Hat Summit, we had to change the name to make sure we had an audience.  :^)  The talk gives an overview of SELinux with a lot of talk about command and utilities, avc messages and looking at how SELinux  is setup on a Red Hat Enterprise Linux 4 box.

I will be around at the summit and will be on line, if anyone wants to talk.

One interesting thing that happened this weekend is that Google released Picasa with the stipulation that you turn off SELinux because it may not work with it.  I have tried Picasa and it seems to work fine, with the latest Policy.  I would guess Google had some problems with the execmod check and perhaps execmem,execheap.  Picasa seems to be using a private copy of wine in /opt/picasa/wine/bin/wine.  In Rawhide this executable needs to be labeled wine_exec_t.

chcon -t wine_exec_t /opt/picasa/wine/bin/wine

would fix the problem, since it requires execmem and execstack, the latest rawhide policy should have this rule.

Everything else seems to work, from the limited testing I have done.  If you have a problem send me a note or bugzilla it and I will try to get a fix out quickly.  If you see a library that generates and execmod.

try

chcon -t textrel_shlib_t LIBRARYPATH

Now off to find  Shania Twaine ...

Dan

 

No HTML allowed in subject

  
 
   
 

(will be screened)

You are viewing danwalsh