On Wed, Sep 01, 2010 at 03:49:14PM -0700, Antonio
Olivares wrote:
> Dear selinux experts,
>
> I have a sealert for running a windows program under wine. There
had been no problems on a Fedora 13 x86_64 machine till I installed
this program. I have not done anything yet. The program runs, but I
am hesitant to do anything; therefore I ask for your guidance as to
what should I do?
>
> Here's the alert:
>
>
> Summary:
>
> SELinux has prevented wine from performing an unsafe memory
operation.
>
> Detailed Description:
>
> SELinux denied an operation requested by wine-preloader, a program
used to run
> Windows applications under Linux. This program is known to use an
unsafe
> operation on system memory but so are a number of malware/exploit
programs which
> masquerade as wine. If you were attempting to run a Windows
program your only
> choices are to allow this operation and reduce your system
security against such
> malware or to refrain from running Windows applications under
Linux. If you were
> not attempting to run a Windows application this indicates you are
likely being
> attacked by some for of malware or program trying to exploit your
system for
> nefarious purposes. Please refer to
>
http://wiki.winehq.org/PreloaderPageZeroProblem
Which outlines the other
> problems wine encounters due to its unsafe use of memory and
solutions to those
> problems.
>
> Allowing Access:
>
> If you decide to continue to run the program in question you will
need to allow
> this operation. This can be done on the command line by executing:
# setsebool
> -P mmap_low_allowed 1
>
> Fix Command:
>
> /usr/sbin/setsebool -P mmap_low_allowed 1
>
> Additional Information:
>
> Source Context
unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
> Target Context
unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
> Target Objects None [ memprotect ]
> Source wine-preloader
> Source Path /usr/bin/wine-preloader
> Port <Unknown>
> Host n6355-50168
> Source RPM Packages wine-core-1.2.0-2.fc13
> Target RPM Packages
> Policy RPM selinux-policy-3.7.19-47.fc13
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name wine
> Host Name n6355-50168
> Platform Linux n6355-50168
2.6.33.8-149.fc13.x86_64 #1 SMP
> Tue Aug 17 22:53:15 UTC 2010 x86_64
x86_64
> Alert Count 10
> First Seen Fri 27 Aug 2010 11:45:10 AM CDT
> Last Seen Wed 01 Sep 2010 09:32:26 AM CDT
> Local ID ab7d4dae-5686-4d47-ab3b-4ea134844ade
> Line Numbers
>
> Raw Audit Messages
>
> node=n6355-50168 type=AVC msg=audit(1283351546.640:36): avc:
denied { mmap_zero } for pid=4115 comm="wine-preloader"
scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
tclass=memprotect
>
> node=n6355-50168 type=SYSCALL msg=audit(1283351546.640:36):
arch=40000003 syscall=90 success=no exit=-13 a0=ffe4a850 a1=0
a2=ffe4a850 a3=5a items=0 ppid=4088 pid=4115 auid=500 uid=500 gid=500
euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none)
ses=1 comm="wine-preloader" exe="/usr/bin/wine-preloader"
subj=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 key=(null)
>
>
>
> I run the windows program correctly and with no problems, just
that when I start the program I see the sealert(warning). I don't
really want to give this program what it is wanting for me to do, but I
also don't want to see the warning everytime. How should I approach
this matter?
