On Dim 11 décembre 2005 23:24, Ulrich Drepper wrote:
> Nicolas Mailhot wrote:
>> Seems some python bits and mplayer are not safe either :
>
> You have to specify which architecture. I assume the following are x64
> since otherwise syscall=10 makes no sense.
x86_64
>> type=AVC msg=audit(1134326070.107:1325): avc: denied { execmem } for
>> pid=28368 comm="mplayer"
>> scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
>> tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
>> type=SYSCALL msg=audit(1134326070.107:1325): arch=c000003e syscall=10
>> success=no exit=-13 a0=7fffff8a5000 a1=1000 a2=1000007 a3=1 items=0
>> pid=28368 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
>> egid=500 sgid=500 fsgid=500 comm="mplayer" exe="/usr/bin/mplayer"
>>
>> type=AVC msg=audit(1134326066.831:1324): avc: denied { execmem } for
>> pid=28361 comm="python"
>> scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
>> tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
>> type=SYSCALL msg=audit(1134326066.831:1324): arch=c000003e syscall=10
>> success=no exit=-13 a0=7fffff863000 a1=1000 a2=1000007 a3=1 items=0
>> pid=28361 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
>> egid=500 sgid=500 fsgid=500 comm="python" exe="/usr/bin/python"
>
> Both a mprotect calls but because x64 does not allow text relocations
> the reason must be in the program logic. Definitely wrong code but what
> remains to be seen.
>
> Try using strace to determine what the programs try to do.
I will try to isolate the problem. This was just a quick scan of
yesterday's audit.log. I installed a lot of new python packages at that
time, so pinpointing the problem is going to take some time.
Regards,
--
Nicolas Mailhot
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
