Re: selinux and blueman applet

On 01/07/2013 11:51 AM, Daniel J Walsh wrote:

On 01/06/2013 06:55 PM, nonamedotc wrote:
Could anyone please shed some light on this selinux warning?

SELinux is preventing /usr/bin/python2.7 from using the execmem access on
a process.

Plugin: catchall you want to allow python2.7 to have execmem access on the
process

If you believe that python2.7 should be allowed execmem access on
processes labeled blueman_t by default. You should report this as a bug.
You can generate a local policy module to allow this access. Allow this
access for now by executing:

# grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp


This selinux alert appears on every login. Thanks.

http://www.akkadia.org/drepper/selinux-mem.html

execmem access is basically allowing an application to write and execute the
same memory.   This is required for most buffer overflow attacks.  We prevent
most confined applications from this access. Some tools need this kind of
access, usually needed for JIT compiled apps like mono and java.  But few
applications actually need it.

What avc did you get?  Did you open a bugzilla with selinux-policy or blueman?

O.K. So, re-enabled blueman and this is the avc I get.

Source process:         /usr/bin/python2.7
Attempted this access:  execmem

Troubleshooting tab shows how to generate local policy to allow access.

Thanks again.

--
nonamedotc
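
Added example, not part of the original thread: a small parser that pulls execmem denials out of audit.log-style AVC records and groups them by command and source domain, which is the detail a selinux-policy bug report needs. The sample records are constructed (timestamps, pids, MLS ranges and the second daemon are made up; only `blueman-mechani`, `blueman_t` and `/usr/bin/python2.7` come from the thread).

```python
import re
from collections import Counter

# Constructed sample records in audit.log AVC format (timestamps, pids and
# MLS ranges are made up; comm and blueman_t come from the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1357516500.101:301): avc:  denied  { execmem } for  pid=1412 comm="blueman-mechani" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1357516502.220:305): avc:  denied  { read open } for  pid=1500 comm="example-daemon" name="example.conf" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1357516500.101:301): arch=c000003e syscall=9 success=no exit=-13 comm="blueman-mechani" exe="/usr/bin/python2.7"
type=AVC msg=audit(1357602900.417:288): avc:  denied  { execmem } for  pid=1398 comm="blueman-mechani" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=process
'''

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for anything else."""
    m = AVC_RE.match(line)
    if not m:
        return None
    rec = {'ts': float(m['ts']), 'serial': int(m['serial']),
           'perms': m['perms'].split()}
    # Remaining fields are key=value pairs; string values are double-quoted.
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m['fields']):
        rec[key] = value.strip('"')
    # A context is user:role:type:level; the type is the domain (e.g. blueman_t).
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec

def execmem_denials(log_text):
    """Count execmem denials on tclass=process per (comm, source domain)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get('tclass') == 'process' and 'execmem' in rec['perms']:
            counts[(rec['comm'], rec['source_type'])] += 1
    return counts

if __name__ == '__main__':
    for (comm, domain), n in execmem_denials(SAMPLE_LOG).items():
        print(f'{n} execmem denial(s): comm={comm} domain={domain}')
```
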
