https://bugzilla.suse.com/show_bug.cgi?id=1206292 https://bugzilla.suse.com/show_bug.cgi?id=1206292#c3 Filippo Bonazzi <filippo.bonazzi@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |filippo.bonazzi@suse.com --- Comment #3 from Filippo Bonazzi <filippo.bonazzi@suse.com> --- To be even more specific than that: the booleans that are being discussed (selinuxuser_execmod, selinuxuser_execstack)[0] IMO are generally dangerous and not required by normal applications doing normal stuff. E.g. from the selinux manpage:

If you want to allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla, you must turn on the selinuxuser_execstack boolean.

setsebool -P selinuxuser_execstack 1

That is why they are not set by default. The default settings are picked to provide as good protection as possible for most people. If the specific application you are trying to run requires this to work, you can set these booleans on your system. [0] https://en.opensuse.org/Portal:MicroOS/Desktop -- You are receiving this mail because: You are on the CC list for the bug.