Tom London wrote:
Running latest rawhide, targeted/enforcing.
I seem to be getting execmem/execstack AVCs that I don't recall
getting before, e.g., from firefox, vmware, realplayer:
Believe this is from starting vmware:
type=AVC msg=audit(1163430106.494:54): avc: denied { execstack } for
pid=3462 comm="ld-linux.so.2"
scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1163430106.494:54): avc: denied { execmem } for
pid=3462 comm="ld-linux.so.2" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163430106.494:54): arch=40000003 syscall=125
success=yes exit=0 a0=bfd55000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=3460 pid=3462 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="ld-linux.so.2"
exe="/lib/ld-2.5.90.so" subj=user_u:system_r:unconfined_t:s0
key=(null)
Believe this is from starting realplayer:
type=AVC msg=audit(1163429593.548:23): avc: denied { execmem } for
pid=3291 comm="realplay.bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163429593.548:23): arch=40000003 syscall=192
per=400000 success=yes exit=16433152 a0=0 a1=a01000 a2=7 a3=22 items=0
ppid=3286 pid=3291 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="realplay.bin"
exe="/usr/local/RealPlayer/realplay.bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
These from firefox:
type=AVC msg=audit(1163429690.683:30): avc: denied { execstack } for
pid=3327 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163429690.683:30): arch=40000003 syscall=125
success=no exit=-13 a0=bfb21000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=3327 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
type=AVC msg=audit(1163429690.693:31): avc: denied { execstack } for
pid=3327 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163429690.693:31): arch=40000003 syscall=125
success=no exit=-13 a0=bfb21000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=3327 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
Did I clobber an update somehow?
tom
No I just turned off allow_execstack boolean in Rawhide. Just to punish
you. :^)
The goal is to find these problems.
chcon -t unconfined_execmem_t /usr/local/RealPlayer/realplay.bin
Should fix.
Is firefox-bin dieing? Do you think this is a plugin? Is it trying to
run realplayer?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
