SELinux Memory Protections are Your Friend
Source: james-morris - Posted by Bill Keys   
SELinux I don't know what a Zend Optimizer is, but it apparently does not play well with SELinux. I've encountered a blog entry by someone who has tried to do the right thing and keep SELinux enabled, after finding the code for a policy module which makes this stuff work. When loaded, this will enable the web server to execute memory on its heap, stack or certain types of executable memory allocated via mmap(2). These are well-known attack vectors and disable some very important memory protection mechanisms. See Ulrich Drepper's SELinux Memory Protection Tests for details. What to do when SELinux does not work with a software that you want to run? This article looks into how memory protection in SELinux maybe the cause of the problem.

Read this full article at james-morris

Only registered users can write comments.
Please login or register.

Powered by AkoComment!