On Thu, 13 Jan 2005 10:45:56 -0500, Stephen Smalley sds@epoch.ncsc.mil wrote:
I'm concerned about the execmod denial on ld.so, not the execmem denials. I think Dan added both to the policy, but we need to remove the execmod rule and debug this further, because it seems wrong.
Understand. I see the execmod rule in base_user_macros.te.
How can I help?
Would it be useful for me to remove the execmod rule for ld_so_t from there and rerun with audit=1? Something else?
tom