Description of problem:
By default, two SELinux-Boolean-Memory Protection lines are "allowed":
1 - "Allow unconfined executables to make their stack executable"
2 - "Allow Unconfined Executables to map a memory region as both executable and writable".
Both lines include warnings to the effect that, if allowed, "this executable" should be reported to bugzilla. I reported this same situation as Bug#235103 for Fedora Core 6, but didn't have any additional information to add to that bug report. That report is now closed.

Version-Release number of selected component (if applicable):
ver. 2.6.4-29.fc7

How reproducible:
New install, with default packages installed.
Created attachment 160684 KEdit file
I didn't realize that when the new install of Fedora 7 updated, SELinux Policy also updated. The correct version is: 2.6.4-30.fc7.
This is intended for FC7 to have these turned on. The problem is lots of applications have this bad behavior built into them, and we wanted to give applications a chance to fix these problems. Currently Rawhide/FC8 has them turned off by default.
Here is the response from the Livna Bugzilla team concerning the SELinux lines in question:

"Thx for this feedback Rqbert L. Kief ! That was hard but now this issue have to be documented! Maybe we (Steward and I) can raise this problem to nvidia; but until then, we need to have this info written in our Fedora forums... I will update the french wiki as soon as i'm back from vacation..."

Obviously, they were unaware of the SELinux-Memory Protection issue. Would I be correct in assuming that the various bugzilla groups depend on the users to let them know of these interconnected problems? Would that be the reason that the warning text was left on the indicated lines in the Memory Protection area? This is the only way to bring these problems to the attention of the required groups?

Thanks,
RLK