[Haskell-cafe] GHC 6.6.1 and SELinux issues
Alexander Vodomerov
alexander.vodomerov at gmail.com
Wed Aug 29 03:01:14 EDT 2007
On Tue, Aug 28, 2007 at 08:53:05PM -0600, Stuart Jansen wrote:
> On Wed, 2007-08-29 at 00:59 +0400, Alexander Vodomerov wrote:
> > In what domain do you run GHC?
>
> Sorry about that, should've dug deeper. And here we have the difference:
>
> $ ls -Z /usr/lib/ghc-6.6.1/ghc-6.6.1
> -rwxr-xr-x root root
> system_u:object_r:unconfined_execmem_exec_t /usr/lib/ghc-6.6.1/ghc-6.6.1
This explains that GHC works fine. unconfined_execmem_exec_t gives
permission to map memory with PROT_EXEC and PROT_WRITE simultaneously.
I've put GHC in unconfined_execmem_t and it started to work fine. But
the problem is not in GHC -- it is in programs compiled by GHC. They
also require exec/write memory. Only root can grant unconfined_execmem
privileges, so simple user can not run binaries compiled by GHC. How do
you solve this problem? Does Fedora GHC package has any additional
patches?
With best regards,
Alexander.
More information about the Haskell-Cafe
mailing list