Nicolas Mailhot wrote:
Seems some python bits and mplayer are not safe either :
You have to specify which architecture. I assume the following are x64
since otherwise syscall=10 makes no sense.
type=AVC msg=audit(1134326070.107:1325): avc: denied { execmem } for
pid=28368 comm="mplayer"
scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
type=SYSCALL msg=audit(1134326070.107:1325): arch=c000003e syscall=10
success=no exit=-13 a0=7fffff8a5000 a1=1000 a2=1000007 a3=1 items=0
pid=28368 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="mplayer" exe="/usr/bin/mplayer"
type=AVC msg=audit(1134326066.831:1324): avc: denied { execmem } for
pid=28361 comm="python"
scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
type=SYSCALL msg=audit(1134326066.831:1324): arch=c000003e syscall=10
success=no exit=-13 a0=7fffff863000 a1=1000 a2=1000007 a3=1 items=0
pid=28361 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="python" exe="/usr/bin/python"
Both a mprotect calls but because x64 does not allow text relocations
the reason must be in the program logic. Definitely wrong code but what
remains to be seen.
Try using strace to determine what the programs try to do.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
