Re: SELinux is preventing /usr/bin/vlc from changing the access protection of

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> memory on the heap
> To: fedora-test-list@xxxxxxxxxx
> Cc: fedora-selinux-list@xxxxxxxxxx
> MIME-Version: 1.0
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> Message-ID: <47195.13984.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
> 
> Dear all,
> 
> I have finished installing vlc from livna-devel repo,
> and upon starting it, Selinux setroubleshooter greets
> me with the following:
> 
> What is a heap?  What should I do?
> 
> Thanks in Advance,
> 
> Antonio 
> 
> Summary
>     SELinux is preventing /usr/bin/vlc from changing
> the access protection of
>     memory on the heap.
> 
> Detailed Description
>     The /usr/bin/vlc application attempted to change
> the access protection of
>     memory on the heap (e.g., allocated using malloc).
>  This is a potential
>     security problem.  Applications should not be
> doing this. Applications are
>     sometimes coded incorrectly and request this
> permission.  The
>     http://people.redhat.com/drepper/selinux-mem.html
> web page explains how to
>     remove this requirement.  If /usr/bin/vlc does not
> work and you need it to
>     work, you can configure SELinux temporarily to
> allow this access until the
>     application is fixed. Please file a
>     http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
> 
> Allowing Access
>     If you want /usr/bin/vlc to continue, you must
> turn on the allow_execheap
>     boolean.  Note: This boolean will affect all
> applications on the system.
> 
>     The following command will allow this access:
>     setsebool -P allow_execheap=1
> 
> Additional Information        
> 
> Source Context               
> system_u:system_r:unconfined_t
> Target Context               
> system_u:system_r:unconfined_t
> Target Objects                None [ process ]
> Affected RPM Packages         vlc-0.8.6c-5.lvn8
> [application]
> Policy RPM                   
> selinux-policy-3.0.8-18.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   plugins.allow_execheap
> Host Name                     localhost.localdomain
> Platform                      Linux
> localhost.localdomain
>                              
> 2.6.23-0.222.rc9.git4.fc8 #1 SMP Sat Oct 6
>                               13:53:58 EDT 2007 i686
> i686
> Alert Count                   2
> First Seen                    Mon 08 Oct 2007 05:36:54
> PM CDT
> Last Seen                     Mon 08 Oct 2007 05:36:55
> PM CDT
> Local ID                     
> a7f4dbf5-ffcd-472d-b654-8d68c350adad
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> avc: denied { execheap } for comm=wxvlc egid=500
> euid=500 exe=/usr/bin/vlc
> exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=13225
> scontext=system_u:system_r:unconfined_t:s0 sgid=500
> subj=system_u:system_r:unconfined_t:s0 suid=500
> tclass=process
> tcontext=system_u:system_r:unconfined_t:s0 tty=(none)
> uid=500
> 
> 
> 
> 
>        
> ____________________________________________________________________________________
> Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
> http://smallbusiness.yahoo.com/webhosting 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Did you read what the troubleshoot told you?  It explains pretty much
your options.  You can turn off execheap protection, or you can not run
the program.  You should report this as a bug to the maintainers of vlc.

Follow the links provided by the troubleshooter to find out more about
execheap.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHDSpzrlYvE4MpobMRAnwdAKDnMI6TS4J5uaPPduS2ej/Ei7kC0gCfTiMU
aTOzgTNoH2vgLVT3OYwGa+Q=
=EsTw
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux