On 12/14/2010 02:45 PM, Daniel J Walsh wrote: > On 12/14/2010 05:02 PM, Daniel B. Thurman wrote: > > > Not sure what this means, but it sound omimous... > > Using the latest updates. > > > ================================================== > > Summary: > > > Your system may be seriously compromised! /usr/bin/nautilus (deleted) > > attempted > > to mmap low kernel memory. > > > Detailed Description: > > > SELinux has denied the nautilus the ability to mmap low area of the > kernel > > address space. The ability to mmap a low area of the address space, as > > configured by /proc/sys/kernel/mmap_min_addr. Preventing such > mappings helps > > protect against exploiting null deref bugs in the kernel. All > > applications that > > need this access should have already had policy written for them. If a > > compromised application tries modify the kernel this AVC would be > generated. > > This is a serious issue. Your system may very well be compromised. > > > Allowing Access: > > > Contact your security administrator and report this issue. > > > Additional Information: > > > Source Context > > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > > 023 > > Target Context > > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > > 023 > > Target Objects None [ memprotect ] > > Source nautilus > > Source Path /usr/bin/nautilus (deleted) > > Port <Unknown> > > Host (removed) > > Source RPM Packages > > Target RPM Packages > > Policy RPM selinux-policy-3.7.19-74.fc13 > > Selinux Enabled True > > Policy Type targeted > > Enforcing Mode Enforcing > > Plugin Name mmap_zero > > Host Name (removed) > > Platform Linux <host>.<domain>.com > > 2.6.34.7-61.fc13.i686 #1 SMP > > Tue Oct 19 04:42:47 UTC 2010 i686 i686 > > Alert Count 1186 > > First Seen Thu 09 Dec 2010 12:08:59 PM PST > > Last Seen Thu 09 Dec 2010 12:13:09 PM PST > > Local ID aba9eed1-e6cf-48cb-80c4-88ccf2d90f43 > > Line Numbers > > > Raw Audit Messages > > > node=<host>.<domain>.com type=AVC msg=audit(1291925589.462:92406): avc: > > denied { mmap_zero } for pid=26679 comm="nautilus" > > scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > tclass=memprotect > > > node=<host>.<domain>.com type=SYSCALL msg=audit(1291925589.462:92406): > > arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=a000 a2=3 a3=22 > > items=0 ppid=2663 pid=26679 auid=500 uid=500 gid=500 euid=500 suid=500 > > fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="nautilus" > > exe=2F7573722F62696E2F6E617574696C7573202864656C6574656429 > > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) > > > > -- > > selinux mailing list > > selinux@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > THis is bad. I have no idea why it would need this and it should be > denied. Did you try to execute a wine app? > > Uh, I don't remember if I did, is there a way to tell if I did? I have another related one, should I post it together with this one or open a new post? It is a Nautilus problem as well. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux