On 2/15/06, Daniel J Walsh dwalsh@redhat.com wrote:
Jonathan Berry wrote:
On 2/13/06, Daniel J Walsh dwalsh@redhat.com wrote: [snip]
Try setsebool -P allow_execstack=1
Yes, this allows both Firefox and Evolution to start up normally. What exactly does this do? Doesn't appear to be a very security conscious fix. Does this just mean that NSS needs an executable stack and wasn't given one?
Jonathan
Yes. We are investigating why it needs an executable stack.
Looks like this is an initialization thing. So after the first time you can turn it off. Although I think flash player needs it too.
After installing Core 5 Test 3, I am not seeing any more issues with this. In fact, I had not in my Test 2 (and updates) install after running the above command, but I was not sure if something got fixed or if the command just "stuck." It seems the -P writes the setting to file, but I do not remember completely. I cannot check that since I cannot seem to get a man page for setsebool, even though it is mentioned in the selinux man page. $ man setsebool No manual entry for setsebool Is something wrong here? From "man selinux": SEE ALSO booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restore-
Jonathan