Bug 2103947

Summary: httpd_execmem required potentially unsafe
Product: [Fedora] Fedora EPEL Reporter: Jeffrey <jeffrey>
Component: lighttpdAssignee: Gwyn Ciesla <gwync>
Status: ASSIGNED --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: epel9CC: gwync, matthias, rhbugs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeffrey 2022-07-05 11:22:55 UTC 
SELinux is preventing /usr/sbin/lighttpd from using the execmem access on a process

Stopping these errors requires manually setting the httpd_execmem boolean to true. RHEL documentation explains that setting this boolean to true lowers protection from buffer overflows and is potentially unsafe.

Is this an lighttpd issue? Should this be patched upstream or downstream?
Comment 1 Gwyn Ciesla 2022-07-28 16:05:43 UTC 
This is an SELinux policy issue. I believe it's been fixed in Fedora, and I'm not sure what the process is for getting that in EL-9.