On GHC HEAD, Fefora Cote 5 and SELinux

wld volodimir.rudenko at gmail.com
Tue May 2 20:25:32 EDT 2006

As described in trac ticket 738, GHC HEAD does not
work on Fedora Core 5 with selinux in enforcing
mode. Selinux is the additional level of protection
in Linux kernel that works above usual Unix
permissions. Turning selinux to permissive mode
(as suggested in the workaround to make GHC work)
actually disables *all* protection. I think, many users
of FC5 do not see it as workaround at all.

I found a much lighter workaround - just to
allow processes to execute in heap.

  Menu System -> Administration -> Security Level and Firewall -> tab SELinux,
  in the tree control open an item Other
  turn on allow_execheap

On command line (as root):

        setsebool -P allow_execheap 1

There are three related "booleans" to try (just in case
the trick above does not help)


PS. This works for the targeted selinux policy, which is
default in Fedora 5. There are also strict and mls policies.
I am not selinux guru -I do not know if my workaround works
for those policies.

lambda is the ultimate

More information about the Glasgow-haskell-users mailing list