Hello! I had a closer look at the libvirt-bin package:
libvirt_driver_storage.so depends on librados.so, which is known to use execstack: https://lintian.debian.org/tags/shlib-with-executable-stack.html root@nestor:~# ldd /usr/lib/libvirt/connection-driver/libvirt_driver_storage.so | grep rados librados.so.2 => /usr/lib/x86_64-linux-gnu/librados.so.2 (0x00007f4dd575d000) root@nestor:~# execstack -q /usr/lib/x86_64-linux-gnu/librados.so.2 X /usr/lib/x86_64-linux-gnu/librados.so.2 IMHO setting the execstack flag to "allow virtd_t self:process" is not a good idea. Maybe one possibility is, to create a type for those 'special' libraries, allow execstack for this type and add an appropriate transition? Kind regards Andre -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
