On 12/14/2010 05:02 PM, Daniel B. Thurman wrote:
>
> Not sure what this means, but it sounds ominous...
> Using the latest updates.
>
> ==================================================
> Summary:
>
> Your system may be seriously compromised! /usr/bin/nautilus (deleted) attempted
> to mmap low kernel memory.
>
> Detailed Description:
>
> SELinux has denied the nautilus the ability to mmap low area of the kernel
> address space. The ability to mmap a low area of the address space, as
> configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps
> protect against exploiting null deref bugs in the kernel. All applications that
> need this access should have already had policy written for them. If a
> compromised application tries modify the kernel this AVC would be generated.
> This is a serious issue. Your system may very well be compromised.
>
> Allowing Access:
>
> Contact your security administrator and report this issue.
>
> Additional Information:
>
> Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> Target Objects                None [ memprotect ]
> Source                        nautilus
> Source Path                   /usr/bin/nautilus (deleted)
> Port                          <Unknown>
> Host                          (removed)
> Source RPM Packages
> Target RPM Packages
> Policy RPM                    selinux-policy-3.7.19-74.fc13
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   mmap_zero
> Host Name                     (removed)
> Platform                      Linux <host>.<domain>.com
>                               2.6.34.7-61.fc13.i686 #1 SMP
>                               Tue Oct 19 04:42:47 UTC 2010 i686 i686
> Alert Count                   1186
> First Seen                    Thu 09 Dec 2010 12:08:59 PM PST
> Last Seen                     Thu 09 Dec 2010 12:13:09 PM PST
> Local ID                      aba9eed1-e6cf-48cb-80c4-88ccf2d90f43
> Line Numbers
>
> Raw Audit Messages
>
> node=<host>.<domain>.com type=AVC msg=audit(1291925589.462:92406): avc:
> denied { mmap_zero } for pid=26679 comm="nautilus"
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=memprotect
>
> node=<host>.<domain>.com type=SYSCALL msg=audit(1291925589.462:92406):
> arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=a000 a2=3 a3=22
> items=0 ppid=2663 pid=26679 auid=500 uid=500 gid=500 euid=500 suid=500
> fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="nautilus"
> exe=2F7573722F62696E2F6E617574696C7573202864656C6574656429
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
>
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>

This is bad. I have no idea why it would need this and it should be denied.

Did you try to execute a wine app?
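For triage of the SYSCALL record quoted in the report above, the following decoder is an added example and not part of the original thread. It turns the hex-encoded `exe` field and the `a0`..`a3` arguments into readable form. The function names are hypothetical, and the mapping of syscall 192 on arch 40000003 to `mmap2` (and the flag bit values) is taken from the Linux x86 headers, not from the thread.

```python
import re

# Constructed sample: the SYSCALL record quoted in the report, joined onto one line.
RECORD = ('type=SYSCALL msg=audit(1291925589.462:92406): '
          'arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=a000 a2=3 a3=22 '
          'items=0 ppid=2663 pid=26679 auid=500 uid=500 tty=(none) ses=1 '
          'comm="nautilus" '
          'exe=2F7573722F62696E2F6E617574696C7573202864656C6574656429 key=(null)')

# Assumption (Linux syscall tables, not stated in the thread): these
# (audit arch, syscall number) pairs take addr, length, prot, flags in a0..a3.
MMAP_CALLS = {("40000003", 192): "mmap2", ("c000003e", 9): "mmap"}
PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
MAP = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED",
       0x20: "MAP_ANONYMOUS"}

def decode_untrusted(raw):
    """Audit quotes plain strings and hex-encodes ones with spaces or odd bytes."""
    if raw.startswith('"'):
        return raw.strip('"')
    if re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw  # e.g. (null)

def flag_names(value, table):
    """Names of the bits from `table` that are set in `value`, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]

def describe_mmap(record):
    """Decode an mmap-family SYSCALL record; None for any other syscall."""
    f = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))
    call = MMAP_CALLS.get((f.get("arch"), int(f.get("syscall", -1))))
    if call is None:
        return None
    a0, a1, a2, a3 = (int(f["a%d" % i], 16) for i in range(4))  # logged as hex
    return {"call": call, "exe": decode_untrusted(f["exe"]),
            "comm": decode_untrusted(f["comm"]), "exit": int(f["exit"]),
            "addr": a0, "length": a1, "prot": flag_names(a2, PROT),
            "flags": flag_names(a3, MAP), "map_fixed": bool(a3 & 0x10)}

if __name__ == "__main__":
    for key, value in describe_mmap(RECORD).items():
        print(f"{key:10} {value}")
```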