On GHC HEAD, Fefora Cote 5 and SELinux
wld
volodimir.rudenko at gmail.com
Tue May 2 20:25:32 EDT 2006
As described in trac ticket 738, GHC HEAD does not
work on Fedora Core 5 with selinux in enforcing
mode. Selinux is the additional level of protection
in Linux kernel that works above usual Unix
permissions. Turning selinux to permissive mode
(as suggested in the workaround to make GHC work)
actually disables *all* protection. I think, many users
of FC5 do not see it as workaround at all.
I found a much lighter workaround - just to
allow processes to execute in heap.
In GUI:
Menu System -> Administration -> Security Level and Firewall -> tab SELinux,
in the tree control open an item Other
turn on allow_execheap
On command line (as root):
setsebool -P allow_execheap 1
There are three related "booleans" to try (just in case
the trick above does not help)
allow_execmem
allow_execmod
allow_execstack
PS. This works for the targeted selinux policy, which is
default in Fedora 5. There are also strict and mls policies.
I am not selinux guru -I do not know if my workaround works
for those policies.
V.Rudenko
--
lambda is the ultimate
More information about the Glasgow-haskell-users
mailing list