On GHC HEAD, Fefora Cote 5 and SELinux

Simon Marlow simonmarhaskell at gmail.com
Wed May 3 06:56:56 EDT 2006

wld wrote:
> As described in trac ticket 738, GHC HEAD does not
> work on Fedora Core 5 with selinux in enforcing
> mode. Selinux is the additional level of protection
> in Linux kernel that works above usual Unix
> permissions. Turning selinux to permissive mode
> (as suggested in the workaround to make GHC work)
> actually disables *all* protection. I think, many users
> of FC5 do not see it as workaround at all.
> I found a much lighter workaround - just to
> allow processes to execute in heap.
> In GUI:
>  Menu System -> Administration -> Security Level and Firewall -> tab 
> SELinux,
>  in the tree control open an item Other
>  turn on allow_execheap
> On command line (as root):
>        setsebool -P allow_execheap 1
> There are three related "booleans" to try (just in case
> the trick above does not help)
>  allow_execmem
>  allow_execmod
>  allow_execstack
> PS. This works for the targeted selinux policy, which is
> default in Fedora 5. There are also strict and mls policies.
> I am not selinux guru -I do not know if my workaround works
> for those policies.

Thanks, I've added this workaround to the ticket.


More information about the Glasgow-haskell-users mailing list