> Date: Thu, 22 Apr 2010 22:53:01 +0200
> From: Dominick Grift <domg472(a)gmail.com>
> On Thu, Apr 22, 2010 at 04:25:58PM -0400, m.roth(a)5-cent.us wrote:
>> I've got the java wants to write, and execmem errors. audit2allow gives
>> me this:
>> allow httpd_sys_script_t nfs_t:file { execute execute_no_trans };
>> allow httpd_sys_script_t self:process { execmem getsched };
>> allow httpd_sys_script_t usr_t:file { execute execute_no_trans };
>
> By allowing the second line of policy you allow all generic httpd system
> scripts to execute anonymous memory and you allow them to set schedule
> on its own process.
<snip>
Looking further: that second one, I see, is also being caused by matlab,
which is not an unintelligent package. How serious is it to allow that...
or is there a policy rule that's been tightened recently that used to
allow this?
mark
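
An added example, not part of the thread: a small reviewer for audit2allow output that parses the three rules quoted above and lists the permissions worth a manual look before the module is loaded, together with the domain each grant applies to. The `REVIEW` table, its note wording and the function names are this example's own assumptions; the permission names are standard SELinux ones.

```python
import re

# Constructed input: the three rules quoted in the message above.
SAMPLE = """\
allow httpd_sys_script_t nfs_t:file { execute execute_no_trans };
allow httpd_sys_script_t self:process { execmem getsched };
allow httpd_sys_script_t usr_t:file { execute execute_no_trans };
"""

# Permissions to look at by hand, keyed by (object class, permission).
# The selection and the notes are this example's own, not a policy standard.
REVIEW = {
    ("process", "execmem"): "writable anonymous memory can be made executable",
    ("process", "execstack"): "the stack can be made executable",
    ("process", "execheap"): "the heap can be made executable",
    ("file", "execute_no_trans"): "file runs in the caller's domain, no transition",
}

RULE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|([^\s;{}]+))\s*;")

def parse_rules(text):
    """Return (source, target, class, perms) for each allow rule in text."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # comments, require blocks, blank lines
        source, target, tclass, braced, single = m.groups()
        perms = (braced or single or "").split()
        # 'self' as target means the source type itself.
        rules.append((source, source if target == "self" else target, tclass, perms))
    return rules

def review(text):
    """List (source, target, class, perm, note) for every flagged permission."""
    findings = []
    for source, target, tclass, perms in parse_rules(text):
        for perm in perms:
            note = REVIEW.get((tclass, perm))
            if note:
                findings.append((source, target, tclass, perm, note))
    return findings

if __name__ == "__main__":
    for source, target, tclass, perm, note in review(SAMPLE):
        # Each grant covers every process running in the source domain.
        print(f"{source} -> {target}:{tclass} {perm}: {note}")
```

Every finding is scoped to the source type of the rule, so a grant to `httpd_sys_script_t` applies to all scripts running in that domain, not only the one that triggered the denial.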