| Summary: | SELinux is preventing wine-preloader from 'mmap_zero' accesses on the memprotect Unknown. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Fabio Feria <fferiag> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:0c2cc03a86c05163d29badd2cb3d7a1863dc3bf9e9d4aa68c908509b7523b86e;VARIANT_ID=server; | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-08-30 11:22:51 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This issue is connected to wine and playing games. Closing as WONTFIX. If you would like to fix it, report it on wine component. Thanks. |
Description of problem: SELinux is preventing wine-preloader from 'mmap_zero' accesses on the memprotect Unknown. ***** Plugin mmap_zero (53.1 confidence) suggests ************************* If no cree que wine-preloader debería necesitar realizar un mmap sobre la baja memoria en el kernel. Then podría estar siendo víctima de un ataque, este es un acceso muy peligroso. Do póngase en contacto con su administrador de seguridad e informe de este problema. ***** Plugin catchall_boolean (42.6 confidence) suggests ****************** If quiere allow mmap to low allowed Then debe informar a SELinux de ésto activando el booleano 'mmap_low_allowed'. Puede leer la página de manual 'None' para más detalles. Do setsebool -P mmap_low_allowed 1 ***** Plugin catchall (5.76 confidence) suggests ************************** If cree que de manera predeterminada, wine-preloader debería permitir acceso mmap_zero sobre Unknown memprotect. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do allow this access for now by executing: # ausearch -c 'wine-preloader' --raw | audit2allow -M my-winepreloader # semodule -X 300 -i my-winepreloader.pp Additional Information: Source Context system_u:system_r:unconfined_service_t:s0 Target Context system_u:system_r:unconfined_service_t:s0 Target Objects Unknown [ memprotect ] Source wine-preloader Source Path wine-preloader Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.21.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.6.7-200.fc23.x86_64 #1 SMP Wed Aug 17 14:24:53 UTC 2016 x86_64 x86_64 Alert Count 5 First Seen 2016-08-29 17:15:11 COT Last Seen 2016-08-29 17:15:11 COT Local ID 930f725d-6ffb-40dc-81ff-16477363b6ca Raw Audit Messages type=AVC msg=audit(1472508911.323:268): avc: denied { mmap_zero } for pid=2710 comm="wine-preloader" scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=memprotect permissive=0 Hash: wine-preloader,unconfined_service_t,unconfined_service_t,memprotect,mmap_zero Version-Release number of selected component: selinux-policy-3.13.1-158.21.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.6.7-200.fc23.x86_64 type: libreport