On GHC HEAD, Fefora Cote 5 and SELinux
Simon Marlow
simonmarhaskell at gmail.com
Wed May 3 06:56:56 EDT 2006
wld wrote:
> As described in trac ticket 738, GHC HEAD does not
> work on Fedora Core 5 with selinux in enforcing
> mode. Selinux is the additional level of protection
> in Linux kernel that works above usual Unix
> permissions. Turning selinux to permissive mode
> (as suggested in the workaround to make GHC work)
> actually disables *all* protection. I think, many users
> of FC5 do not see it as workaround at all.
>
> I found a much lighter workaround - just to
> allow processes to execute in heap.
>
> In GUI:
> Menu System -> Administration -> Security Level and Firewall -> tab
> SELinux,
> in the tree control open an item Other
> turn on allow_execheap
>
> On command line (as root):
>
> setsebool -P allow_execheap 1
>
> There are three related "booleans" to try (just in case
> the trick above does not help)
>
> allow_execmem
> allow_execmod
> allow_execstack
>
> PS. This works for the targeted selinux policy, which is
> default in Fedora 5. There are also strict and mls policies.
> I am not selinux guru -I do not know if my workaround works
> for those policies.
Thanks, I've added this workaround to the ticket.
Cheers,
Simon
More information about the Glasgow-haskell-users
mailing list