On Mon, Aug 04, 2008, Russell Coker wrote: > http://etbe.coker.com.au/2007/02/10/execmod/ > > The above URL has background information on the execmod denial from SE > Linux.
If you want to file bugs about binaries not using -fpic / -fPIC on i386, then I think you need to start a wider discussion on debian-devel@: this was debated and I understand there's now an exception for performance critical code (such as libswscale's case): <http://www.debian.org/doc/debian-policy/footnotes.html#f61> I see two ways to go forward: implement a way to disable execution of such binaries when under SELINUX, or force usage of -fPIC, even in performance critical code. -- Loïc Minier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]