On Fri, 2005-01-28 at 13:12, Stephen Smalley wrote:
I think that the allow_execmod boolean only allows execmod permission to files labeled with the new texrel_shlib_t type. Or at least that is what it should do. Any existing occurrences of execmod permission in the policy should be changed to use texrel_shlib_t now that it is defined, and then any DSOs that require it should be relabeled to that type.
We should also wrap occurrences of execmem with a boolean, but a separate one than the execmod rules. Might also want multiple booleans, e.g. to allow certain programs without allowing all others.