https://bugs.exim.org/show_bug.cgi?id=1749
--- Comment #51 from Zoltan Herczeg <hzmester@???> ---
Yes, that is a very good point. SELinux is designed to prevent JIT compilation.
Probably the solution could be recompiling everything after a fork (remember
the JIT compiling options and do a compilation during exec). It could be a
counter: every time we do a fork the value is increased by one. If an executed
pattern has lower counter than the current one: recompile it. But that could
have side effects and constantly checking forks could be expensive.
It would be good to talk to a security expert, and discuss whether JIT
compiling is important on SELinux, or security > performance there.
--
You are receiving this mail because:
You are on the CC list for the bug.