[DSE-Dev] Bug#1070039: Acknowledgement (refpolicy: enforcing mode causes machine with GNOME desktop to crash)

Henrik Ahlgren pablo at seestieto.com
Mon Apr 29 14:38:41 BST 2024


It seems the immediate crash was caused by gnome-shell trying to do
execmem, I guess some JavaScript JIT thing. After enabling the
allow_execmem boolean, gnome-shell no longer crashes.

I am not sure how, but it would be good to have better out-of-the-box
experience with SELinux on desktop systems. At least it should not
straight up crash, if the user is unaware of this boolean. The mindset
sometimes seem to be that SELinux only provides benefits on headless
servers. I don't see the logic in that, in fact, the use case where
SELinux has most success is mobile devices (Android) and Fedora Desktop
ships SELinux by default without much issues.



More information about the SELinux-devel mailing list