Bug 2013629

Summary: allow_execstack and allow execmem should be off
Product: Red Hat Enterprise Linux 9
Reporter: Zdenek Pytela <zpytela>
Component: selinux-policy
Assignee: Zdenek Pytela <zpytela>
Status: CLOSED WONTFIX
QA Contact: Milos Malik <mmalik>
Severity: high
Docs Contact:
Priority: high
Version: 9.0
CC: csoriano, fweimer, jpichon, lhh, ltamagno, lvrabec, mmalik, nielsdegraef, nlevinki, ofourdan, plautrba, rjones, rstrode, ssekidde, tpelka, tpopela, vbenes, zcaplovi
Target Milestone: rc
Keywords: Triaged
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1802479
Environment:
Last Closed: 2022-03-25 18:10:25 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1802479, 2064274
Bug Blocks:

Comment 7 Florian Weimer 2022-03-15 12:07:37 UTC
Has this change already landed?

Comment 12 Zdenek Pytela 2022-03-17 20:33:27 UTC
(In reply to Florian Weimer from comment #7)
> Has this change already landed?

There are no plans to change the deny_execmem boolean value in RHEL 9.
There is a bz 2055822 which removes the change of upstream "off" value of selinuxuser_execmod and selinuxuser_execstack.

Comment 13 Richard W.M. Jones 2022-03-17 20:54:38 UTC
It certainly seems as if the default has changed.  We can no
longer load a proprietary library that has an executable stack.

Comment 14 Zdenek Pytela 2022-03-25 18:10:25 UTC
Given the information gathered so far, the deny_execmem boolean value cannot be changed without substantial changes in other software code, so closing WONTFIX.

Comment 15 Red Hat Bugzilla 2023-09-15 01:36:33 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days.