Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 313655 Details for
Bug 458214
SELinux is preventing totem-audio-pre from making the program stack executabl
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
AVC denial enforcing
totem_se_e.txt (text/plain), 3.09 KB, created by
Flóki Pálsson
on 2008-08-07 01:08:08 UTC
(
hide
)
Description:
AVC denial enforcing
Filename:
MIME Type:
Creator:
Flóki Pálsson
Created:
2008-08-07 01:08:08 UTC
Size:
3.09 KB
patch
obsolete
> >Summary: > >SELinux is preventing totem from changing a writable memory segment executable. > >Detailed Description: > >The totem application attempted to change the access protection of memory (e.g., >allocated using malloc). This is a potential security problem. Applications >should not be doing this. Applications are sometimes coded incorrectly and >request this permission. The SELinux Memory Protection Tests >(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to >remove this requirement. If totem does not work and you need it to work, you can >configure SELinux temporarily to allow this access until the application is >fixed. Please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. > >Allowing Access: > >If you trust totem to run correctly, you can change the context of the >executable to unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t >'/usr/bin/totem'". You must also change the default file context files on the >system in order to preserve them even on a full relabel. "semanage fcontext -a >-t unconfined_execmem_exec_t '/usr/bin/totem'" > >Fix Command: > >chcon -t unconfined_execmem_exec_t '/usr/bin/totem' > >Additional Information: > >Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Objects None [ process ] >Source totem >Source Path /usr/bin/totem >Port <Unknown> >Host localhost.localdomain >Source RPM Packages totem-2.23.4-1.fc10 >Target RPM Packages >Policy RPM selinux-policy-3.5.1-4.fc10 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name allow_execmem >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.27-0.226.rc1.git5.fc10.x86_64 #1 SMP Tue Aug 5 > 03:13:09 EDT 2008 x86_64 x86_64 >Alert Count 3 >First Seen fim 7.ágú 2008, 00:57:02 GMT >Last Seen fim 7.ágú 2008, 01:04:52 GMT >Local ID 47b9710b-cdd0-471c-b2a6-7230be36fdf4 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1218071092.234:50): avc: denied { execmem } for pid=3544 comm="totem" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1218071092.234:50): arch=c000003e syscall=9 success=yes exit=0 a0=0 a1=a01000 a2=7 a3=22 items=0 ppid=1 pid=3544 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="totem" exe="/usr/bin/totem" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) > > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=313655">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 458214
: 313655 |
315428