wld wrote:
As described in trac ticket 738, GHC HEAD does not work on Fedora Core 5 with selinux in enforcing mode. Selinux is the additional level of protection in Linux kernel that works above usual Unix permissions. Turning selinux to permissive mode (as suggested in the workaround to make GHC work) actually disables *all* protection. I think, many users of FC5 do not see it as workaround at all.
I found a much lighter workaround - just to allow processes to execute in heap.
In GUI: Menu System -> Administration -> Security Level and Firewall -> tab SELinux, in the tree control open an item Other turn on allow_execheap
On command line (as root):
setsebool -P allow_execheap 1
There are three related "booleans" to try (just in case the trick above does not help)
allow_execmem allow_execmod allow_execstack
PS. This works for the targeted selinux policy, which is default in Fedora 5. There are also strict and mls policies. I am not selinux guru -I do not know if my workaround works for those policies.
Thanks, I've added this workaround to the ticket. Cheers, Simon