[Pidgin] #203: Mono Loader and SELinux
Pidgin
trac at pidgin.im
Wed Apr 18 21:58:17 EDT 2007
#203: Mono Loader and SELinux
------------------------+---------------------------------------------------
Reporter: ecoffey | Owner: ecoffey
Type: defect | Status: new
Priority: major | Milestone:
Component: libpurple | Version: 2.0
Resolution: | Keywords:
------------------------+---------------------------------------------------
Changes (by nosnilmot):
* owner: => ecoffey
Old description:
> From nosnilmot:
>
> Mono apps need mono_exec_t. Since pidgin doesn't call /usr/bin/mono to
> run its
> mono bits, the existing selinux policy misses this.
> XXX: This command fails on non-selinux systems with a non-zero return
> code.
> Changing the selinux context here would also cause rpm -V and TPS
> failure.
>
> This is the killer:
> There is also concern that we don't want pidgin to run with this security
> context
> due to its historical security track record. For now we are disaling
> mono
> temporarily until we decide a long term solution.
> /usr/bin/chcon -t mono_exec_t /usr/bin/pidgin
New description:
From nosnilmot (excerpt from a Fedora spec file):
Mono apps need mono_exec_t. Since pidgin doesn't call /usr/bin/mono to run
its mono bits, the existing selinux policy misses this.[[BR]][[BR]]
XXX: This command fails on non-selinux systems with a non-zero return
code. Changing the selinux context here would also cause rpm -V and TPS
failure.
[[BR]][[BR]]
This is the killer:[[BR]]
There is also concern that we don't want pidgin to run with this security
context due to its historical security track record. For now we are
disaling mono temporarily until we decide a long term solution.[[BR]]
/usr/bin/chcon -t mono_exec_t /usr/bin/pidgin
--
Ticket URL: <http://developer.pidgin.im/ticket/203#comment:1>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list