[DSE-Dev] Bug#963495: not a bug

Russell Coker russell at coker.com.au
Thu Dec 31 07:08:18 GMT 2020

close 963495

Run "setsebool allow_execmem 1" before running certbot and it will be fine.  
After running certbot you can run "setsebool allow_execmem 0".  Or you could 
run "setsebool -P allow_execmem 1" to make the change continue to apply after 
a reboot.

There is no good solution to this as we don't want to allow execmem by 
default.  Also this only happens if you have openssl python libraries 
installed (typically dragged in by certbot dependencies).  If you don't have 
them installed then reportbug doesn't need execmem access.

This is annoying, but we just have some unpleasant choices.

My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

More information about the SELinux-devel mailing list