> Dear all,
>
> Now I know why playing Penalty_Fever caused a problem. The
> following is clear evidence :(
>
>
> Summary:
>
> SELinux is preventing nspluginviewer from changing a writable memory segment
> executable.
>
> Detailed Description:
>
> The nspluginviewer application attempted to change the access protection of
> memory (e.g., allocated using malloc). This is a potential security problem.
> Applications should not be doing this. Applications are sometimes coded
> incorrectly and request this permission. The SELinux Memory Protection Tests
> (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
> remove this requirement. If nspluginviewer does not work and you need it to
> work, you can configure SELinux temporarily to allow this access until the
> application is fixed. Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
> Allowing Access:
>
> If you trust nspluginviewer to run correctly, you can change the context of the
> executable to unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t
> '/usr/bin/nspluginviewer'". You must also change the default file context files
> on the system in order to preserve them even on a full relabel. "semanage
> fcontext -a -t unconfined_execmem_exec_t '/usr/bin/nspluginviewer'"
>
> Fix Command:
>
> chcon -t unconfined_execmem_exec_t '/usr/bin/nspluginviewer'
>
> Additional Information:
>
> Source Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
> Target Context                unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
> Target Objects                None [ process ]
> Source                        nspluginviewer
> Source Path                   /usr/bin/nspluginviewer
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           kdebase-4.1.0-1.fc10
> Target RPM Packages
> Policy RPM                    selinux-policy-3.5.1-4.fc10
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   allow_execmem
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain 2.6.26.1 #1 SMP Sat Aug 2 21:36:01 CDT 2008 i686 i686
> Alert Count                   29
> First Seen                    Sun 03 Aug 2008 12:55:21 PM CDT
> Last Seen                     Sun 03 Aug 2008 12:55:21 PM CDT
> Local ID                      865503d3-baab-4dcd-adc0-47f8fff6ade6
> Line Numbers
>
> Raw Audit Messages
>
> host=localhost.localdomain type=AVC msg=audit(1217786121.365:53): avc: denied { execmem } for pid=3262 comm="nspluginviewer" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
>
> host=localhost.localdomain type=SYSCALL msg=audit(1217786121.365:53): arch=40000003 syscall=125 success=no exit=-13 a0=b1aaa000 a1=1000 a2=5 a3=bfa32acc items=0 ppid=3222 pid=3262 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="nspluginviewer" exe="/usr/bin/nspluginviewer" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
>
>
> This was an old bug and it returns to bite back :(
> Is anybody else also encountering this problem?
>
> Regards,
>
> Antonio

BTW, the old bug with nspluginwrapper was here:

https://bugzilla.redhat.com/show_bug.cgi?id=431708

It was closed. It looks a little bit different, now I am not sure if it is related?

Thanks,

Antonio
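
The two raw audit records in the report above can be paired and decoded to show which call SELinux refused. The Python below is an added example, not part of the original message or of setroubleshoot: the function names are hypothetical, and the record strings are copied from the report with the mail line wraps rejoined and the uid/gid/subj fields dropped.

```python
import re
from datetime import datetime, timezone

# Audit records from the report above (wraps rejoined, id fields abridged).
RECORDS = [
    'host=localhost.localdomain type=AVC msg=audit(1217786121.365:53): avc: denied '
    '{ execmem } for pid=3262 comm="nspluginviewer" '
    'scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process',
    'host=localhost.localdomain type=SYSCALL msg=audit(1217786121.365:53): '
    'arch=40000003 syscall=125 success=no exit=-13 a0=b1aaa000 a1=1000 a2=5 '
    'a3=bfa32acc items=0 ppid=3222 pid=3262 comm="nspluginviewer" '
    'exe="/usr/bin/nspluginviewer"',
]

I386_SYSCALLS = {125: "mprotect"}  # only the entry this report needs
PROT_BITS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}

def parse(record):
    """Split one audit record into its (epoch, serial) event id and fields."""
    stamp = re.search(r"msg=audit\((\d+)\.\d+:(\d+)\)", record)
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}
    perms = re.search(r"\{ ([^}]+) \}", record)
    fields["perms"] = perms.group(1).split() if perms else []
    return (int(stamp.group(1)), int(stamp.group(2))), fields

def explain_execmem(records):
    """Pair each execmem AVC with its SYSCALL record and decode the call."""
    events = {}
    for record in records:
        event_id, fields = parse(record)
        events.setdefault(event_id, {})[fields["type"]] = fields
    findings = []
    for (epoch, _serial), recs in sorted(events.items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc or "execmem" not in avc["perms"]:
            continue
        if sc["arch"] != "40000003":  # AUDIT_ARCH_I386; other ABIs number differently
            continue
        prot = int(sc["a2"], 16)  # audit prints a0..a3 in hex
        findings.append({
            "time": datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(),
            "comm": avc["comm"],
            "syscall": I386_SYSCALLS.get(int(sc["syscall"]), sc["syscall"]),
            "addr": int(sc["a0"], 16),
            "length": int(sc["a1"], 16),
            "prot": [name for bit, name in PROT_BITS.items() if prot & bit],
            "exit": int(sc["exit"]),  # -13 is -EACCES
        })
    return findings
```

For this report the result is a single `mprotect` call asking for `PROT_READ|PROT_EXEC` on one 4096-byte page, refused with `EACCES`.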