Mike Leahy wrote:
Hello list,
I just asked about this problem earlier on fedora-test-list. When I
try to open the screensaver settings in Fedora test list, I got a
message related to denied access to libGL.so.1. Rahul clued me into
realizing that this is an SELinux issue. I set SELinux to permissive,
and this allowed me to open/edit the KDE screensaver settings.
Is there anything I should do to try changing the policies and/or is
this already a known issue?
If you really want this you can setsebool -P allow_execstack=1
You should report these as bugzilla's as they are potential security
problems . There is little if any reason to ever have an application
requiring execstack.
http://people.redhat.com/drepper/selinux-mem.html
Dan
Thanks for any suggestions,
Mike
type=USER_AUTH msg=audit(1140153148.074:1925): user pid=11876 uid=500
auid=500 msg='PAM: authentication acct=root : exe="/bin/su"
(hostname=?, addr=?, terminal=pts/5 res=success)'
type=USER_ACCT msg=audit(1140153148.074:1926): user pid=11876 uid=500
auid=500 msg='PAM: accounting acct=root : exe="/bin/su" (hostname=?,
addr=?, terminal=pts/5 res=success)'
type=USER_START msg=audit(1140153148.190:1927): user pid=11876 uid=500
auid=500 msg='PAM: session open acct=root : exe="/bin/su" (hostname=?,
addr=?, terminal=pts/5 res=success)'
type=CRED_ACQ msg=audit(1140153148.190:1928): user pid=11876 uid=500
auid=500 msg='PAM: setcred acct=root : exe="/bin/su" (hostname=?,
addr=?, terminal=pts/5 res=success)'
type=AVC msg=audit(1140153183.272:1929): avc: denied { execstack }
for pid=11897 comm="kcmshell"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1140153183.272:1929): arch=40000003 syscall=125
success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
pid=11897 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
type=AVC msg=audit(1140153183.272:1930): avc: denied { execstack }
for pid=11897 comm="kcmshell"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1140153183.272:1930): arch=40000003 syscall=125
success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
pid=11897 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
type=AVC msg=audit(1140153211.694:1931): avc: denied { execstack }
for pid=11900 comm="kcmshell"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1140153211.694:1931): arch=40000003 syscall=125
success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
pid=11900 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
type=AVC msg=audit(1140153211.694:1932): avc: denied { execstack }
for pid=11900 comm="kcmshell"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1140153211.694:1932): arch=40000003 syscall=125
success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
pid=11900 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
type=AVC msg=audit(1140153246.196:1933): avc: denied { execstack }
for pid=11903 comm="kcmshell"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1140153246.196:1933): arch=40000003 syscall=125
success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
pid=11903 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
type=AVC msg=audit(1140153246.196:1934): avc: denied { execstack }
for pid=11903 comm="kcmshell"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1140153246.196:1934): arch=40000003 syscall=125
success=no exit=-13 a0=bfc01000 a1=1000 a2=1000007 a3=fffff000 items=0
pid=11903 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="kcmshell" exe="/usr/bin/kdeinit"
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
