On 11/13/06, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
Tom London wrote:
> Running latest rawhide, targeted/enforcing.
>
> I seem to be getting execmem/execstack AVCs that I don't recall
> getting before, e.g., from firefox, vmware, realplayer:
>
> Believe this is from starting vmware:
> type=AVC msg=audit(1163430106.494:54): avc: denied { execstack } for
> pid=3462 comm="ld-linux.so.2"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=AVC msg=audit(1163430106.494:54): avc: denied { execmem } for
> pid=3462 comm="ld-linux.so.2" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1163430106.494:54): arch=40000003 syscall=125
> success=yes exit=0 a0=bfd55000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=3460 pid=3462 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="ld-linux.so.2"
> exe="/lib/ld-2.5.90.so" subj=user_u:system_r:unconfined_t:s0
> key=(null)
>
> Believe this is from starting realplayer:
> type=AVC msg=audit(1163429593.548:23): avc: denied { execmem } for
> pid=3291 comm="realplay.bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1163429593.548:23): arch=40000003 syscall=192
> per=400000 success=yes exit=16433152 a0=0 a1=a01000 a2=7 a3=22 items=0
> ppid=3286 pid=3291 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts1 comm="realplay.bin"
> exe="/usr/local/RealPlayer/realplay.bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
>
> These from firefox:
> type=AVC msg=audit(1163429690.683:30): avc: denied { execstack } for
> pid=3327 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1163429690.683:30): arch=40000003 syscall=125
> success=no exit=-13 a0=bfb21000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=1 pid=3327 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
> exe="/usr/lib/firefox-2.0/firefox-bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
> type=AVC msg=audit(1163429690.693:31): avc: denied { execstack } for
> pid=3327 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> type=SYSCALL msg=audit(1163429690.693:31): arch=40000003 syscall=125
> success=no exit=-13 a0=bfb21000 a1=1000 a2=1000007 a3=fffff000 items=0
> ppid=1 pid=3327 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
> exe="/usr/lib/firefox-2.0/firefox-bin"
> subj=user_u:system_r:unconfined_t:s0 key=(null)
>
> Did I clobber an update somehow?
>
> tom
No I just turned off allow_execstack boolean in Rawhide. Just to punish
you. :^)
The goal is to find these problems.
chcon -t unconfined_execmem_t /usr/local/RealPlayer/realplay.bin
Should fix.
Is firefox-bin dieing? Do you think this is a plugin? Is it trying to
run realplayer?
Thanks! I needed that 'recharge' to my normal paranoia level ;)
I 'fixed' RealPlayer and restarted firefox. Here is a bit more data:
1. Firefox does not die.
2. Seems to happen when I 'login' to my gmail account.
Seem to get multiple
type=AVC msg=audit(1163439760.769:49): avc: denied { execstack } for
pid=3652 comm="firefox-bin" scontext=user_u:system_r:unconfined_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1163439760.769:49): arch=40000003 syscall=125
success=no exit=-13 a0=bfabe000 a1=1000 a2=1000007 a3=fffff000 items=0
ppid=1 pid=3652 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin"
exe="/usr/lib/firefox-2.0/firefox-bin"
subj=user_u:system_r:unconfined_t:s0 key=(null)
Also, vmware is still unhappy :-(
tom
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
