| Summary: | Adobe Flash Player run slow whith selinux enabled | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Marian <corcodel.marian> |
| Component: | policycoreutils | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 19 | CC: | corcodel.marian, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-11-13 07:28:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Marian
2013-11-10 18:13:00 UTC
What AVC msgs are you getting? A the moment relabeling system for few times whith changing mount root a "ro" to "rw" args from grub.cfg and all is ok.
Only this message below appear but is not important:
SELinux is preventing /usr/bin/perl from using the execmem access on a process.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that perl should be allowed execmem access on processes labeled munin_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep munin-update /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:munin_t:s0-s0:c0.c1023
Target Context system_u:system_r:munin_t:s0-s0:c0.c1023
Target Objects [ process ]
Source munin-update
Source Path /usr/bin/perl
Port <Unknown>
Host 192-168-0-114.rdsnet.ro
Source RPM Packages perl-5.16.3-265.fc19.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-74.10.fc19.noarch selinux-
policy-3.12.1-74.11.fc19.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name 192-168-0-114.rdsnet.ro
Platform Linux 192-168-0-114.rdsnet.ro
3.11.6-200.fc19.x86_64 #1 SMP Fri Oct 18 22:34:18
UTC 2013 x86_64 x86_64
Alert Count 11
First Seen 2013-11-11 18:05:02 EET
Last Seen 2013-11-11 19:10:02 EET
Local ID 23157f1d-a030-482b-8379-13ec4bf0d92f
Raw Audit Messages
type=AVC msg=audit(1384189802.371:668): avc: denied { execmem } for pid=3845 comm="munin-update" scontext=system_u:system_r:munin_t:s0-s0:c0.c1023 tcontext=system_u:system_r:munin_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1384189802.371:668): arch=x86_64 syscall=mmap success=no exit=EACCES a0=3d252ca000 a1=3d000 a2=7 a3=812 items=0 ppid=3843 pid=3845 auid=988 uid=988 gid=984 euid=988 suid=988 fsuid=988 egid=984 sgid=984 fsgid=984 ses=16 tty=(none) comm=munin-update exe=/usr/bin/perl subj=system_u:system_r:munin_t:s0-s0:c0.c1023 key=(null)
Hash: munin-update,munin_t,munin_t,process,execmem
Is't normal to change rw instead ro args on grub. So you labeling is ok and not adobe is running correctly? You should be able to change your args for / to ro in grub and SELinux should work fine. |