Simon Marlow wrote:
My fix works around allow_execheap being set to 0, but not
allow_execmem. This page describes how to work around allow_execmem:
http://people.redhat.com/drepper/selinux-mem.html
Okay, thanks.
But I really object to having to go to such lengths just to work around
an overly restrictive security policy. GHC really does do runtime code
generation, so it really does need some writable/executable memory.
Agreed.
Perhaps someone who knows SELinux would like to describe how to set up
an exception for GHC so we can put it in the FAQ? How do things like
Mono work on an SELinux system, do they have a policy exception set up?
Yes, I just checked and there is some policy included for mono in
selinux-policy.
I just wonder if the ghc case is harder since programs compiled by ghc
using the rts need exceptions too not just ghc itself. But hopefully
selinux can take care of that. I'll try to get input from some
selinux people.
Jens
_______________________________________________
Glasgow-haskell-bugs mailing list
Glasgow-haskell-bugs@haskell.org
http://www.haskell.org/mailman/listinfo/glasgow-haskell-bugs
