--- On Mon, 6/8/09, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

> From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
> Subject: Re: firefox on rawhide and selinux
> To: "Antonio Olivares" <olivares14031@xxxxxxxxx>
> Cc: fedora-selinux-list@xxxxxxxxxx
> Date: Monday, June 8, 2009, 2:17 PM
>
> On 06/08/2009 04:21 PM, Antonio Olivares wrote:
> >
> > Summary:
> >
> > SELinux is preventing firefox from changing a writable memory segment
> > executable.
> >
> > Detailed Description:
> >
> > The firefox application attempted to change the access protection of memory
> > (e.g., allocated using malloc). This is a potential security problem.
> > Applications should not be doing this. Applications are sometimes coded
> > incorrectly and request this permission. The SELinux Memory Protection Tests
> > (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
> > remove this requirement. If firefox does not work and you need it to work, you
> > can configure SELinux temporarily to allow this access until the application is
> > fixed. Please file a bug report
> > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
> >
> > Allowing Access:
> >
> > If you trust firefox to run correctly, you can change the context of the
> > executable to unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t
> > '/usr/lib/firefox-3.5b4/firefox'". You must also change the default file context
> > files on the system in order to preserve them even on a full relabel.
> > "semanage fcontext -a -t unconfined_execmem_exec_t '/usr/lib/firefox-3.5b4/firefox'"
> >
> > Fix Command:
> >
> > chcon -t unconfined_execmem_exec_t '/usr/lib/firefox-3.5b4/firefox'
> >
> > Additional Information:
> >
> > Source Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
> > Target Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
> > Target Objects                None [ process ]
> > Source                        firefox
> > Source Path                   /usr/lib/firefox-3.5b4/firefox
> > Port                          <Unknown>
> > Host                          localhost.localdomain
> > Source RPM Packages           firefox-3.5-0.21.beta4.fc12
> > Target RPM Packages
> > Policy RPM                    selinux-policy-3.6.13-2.fc12
> > Selinux Enabled               True
> > Policy Type                   targeted
> > MLS Enabled                   True
> > Enforcing Mode                Enforcing
> > Plugin Name                   allow_execmem
> > Host Name                     localhost.localdomain
> > Platform                      Linux localhost.localdomain 2.6.30-0.97.rc8.fc12.i586 #1 SMP Wed Jun 3 09:55:34 EDT 2009 i686 i686
> > Alert Count                   8
> > First Seen                    Mon 08 Jun 2009 12:27:54 PM CDT
> > Last Seen                     Mon 08 Jun 2009 12:28:08 PM CDT
> > Local ID                      0e0d62f4-09db-4ddf-987c-8210c45b9e70
> > Line Numbers
> >
> > Raw Audit Messages
> >
> > node=localhost.localdomain type=AVC msg=audit(1244482088.874:27316): avc: denied { execmem } for pid=2566 comm="firefox" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
> >
> > node=localhost.localdomain type=SYSCALL msg=audit(1244482088.874:27316): arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=2000 a2=7 a3=22 items=0 ppid=2554 pid=2566 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5b4/firefox" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
> >
> > Thanks,
> >
> > Antonio
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> Are you using flashplugin? Not sure which app is causing the execmem.
> Do you have nspluginwrapper installed?

Both flashplugin and nspluginwrapper are installed :( Updated rawhide as of yesterday's 20080607's report; I can't get today's updates, will apply them tomorrow when more mirrors are updated.

Thanks,

Antonio
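Added example (not part of the original thread): a short Python triage script that pairs the AVC and SYSCALL records from the report by audit ID and decodes the syscall arguments, showing what kind of mapping was denied. It assumes the Linux i386 syscall table (192 is mmap2) and the x86 PROT_/MAP_ constant values; the function names are hypothetical.

```python
import re

# The two raw audit records copied from the report above (same audit ID).
RECORDS = [
    'node=localhost.localdomain type=AVC msg=audit(1244482088.874:27316): avc: denied { execmem } for pid=2566 comm="firefox" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process',
    'node=localhost.localdomain type=SYSCALL msg=audit(1244482088.874:27316): arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=2000 a2=7 a3=22 items=0 ppid=2554 pid=2566 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5b4/firefox" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)',
]
# Assumptions: Linux i386 syscall numbering and x86 mman constants.
MMAP2_I386 = ("40000003", 192)  # (AUDIT_ARCH_I386, mmap2)
PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
MAP = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED", 0x20: "MAP_ANONYMOUS"}

def fields(record):
    """Split an audit record into key=value fields, stripping quotes."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def bits(value, names):
    """Names of the flag bits set in value, lowest bit first."""
    return [name for bit, name in sorted(names.items()) if value & bit]

def triage_execmem(records):
    """Pair AVC and SYSCALL records by audit ID; decode mmap2 calls denied execmem."""
    events = {}
    for rec in records:
        f = fields(rec)
        ev = events.setdefault(f.get("msg"), {})
        if f.get("type") == "AVC":
            m = re.search(r'denied\s+\{\s*([^}]*)\}', rec)
            ev["perms"] = m.group(1).split() if m else []
        elif f.get("type") == "SYSCALL":
            ev.update(f)
    findings = []
    for ev in events.values():
        if "execmem" not in ev.get("perms", []):
            continue
        if (ev.get("arch"), int(ev.get("syscall", -1))) != MMAP2_I386:
            continue  # only mmap2 on i386 is decoded in this example
        findings.append({
            "id": ev["msg"], "comm": ev["comm"], "exe": ev["exe"],
            "length": int(ev["a1"], 16),  # audit prints a0..a3 in hex
            "prot": bits(int(ev["a2"], 16), PROT),
            "flags": bits(int(ev["a3"], 16), MAP),
        })
    return findings

if __name__ == "__main__":
    for finding in triage_execmem(RECORDS):
        print(finding)
```

For the records in this report the decoded call is an 8192-byte private anonymous mapping requested readable, writable and executable at once, which is the request the execmem permission controls.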