Bug 467034

Summary: SELinux is preventing compiz from changing a writable memory segment executable.
Product: [Fedora] Fedora
Component: compiz
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED CANTFIX
Severity: medium
Priority: medium
Reporter: cgrim <cgrim>
Assignee: Kristian Høgsberg <krh>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: krh
Doc Type: Bug Fix
Last Closed: 2008-10-16 07:12:33 UTC

Description cgrim 2008-10-15 11:33:01 UTC
Description of problem:
The compiz application attempted to change the access protection of memory (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If compiz does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed.

Version-Release number of selected component (if applicable):
Name       : compiz
Arch       : x86_64
Version    : 0.7.6
Release    : 11.fc10

How reproducible:
SELinux configured like this:
System Default Enforcing Mode = Enforcing
Current Enforcing Mode = Enforcing
System Default Policy Type = Targeted

Steps to Reproduce:
1. Enable SELinux as shown above
2. Log in to the GNOME desktop
3. Run Compiz
  
Actual results:
Compiz did not start and SELinux TroubleShooter shows this message: SELinux is preventing compiz from changing a writable memory segment executable.

Expected results:
Compiz starts correctly.

Additional info:
Now I'm using this workaround:
chcon -t unconfined_execmem_exec_t '/usr/bin/compiz'
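
A triage helper for the denial class described in this report, added here as an example and not part of the original report or of the SELinux tooling: it counts AVC denials for the four memory-protection permissions (execmem, execheap, execstack, execmod) per command and source domain. The audit records in SAMPLE_LOG are constructed, and the `demo_jit` / `demo_t` names are hypothetical.

```python
import re
from collections import defaultdict

# Permissions covered by the SELinux memory protection checks.
MEMPROT_PERMS = {"execmem", "execheap", "execstack", "execmod"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample audit records (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1224070381.101:45): avc:  denied  { execmem } for  pid=2841 comm="compiz" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1224070382.220:46): avc:  denied  { read } for  pid=2900 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1224070390.007:47): avc:  denied  { execmem } for  pid=2855 comm="compiz" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1224070395.310:48): avc:  denied  { execstack } for  pid=2990 comm="demo_jit" scontext=system_u:system_r:demo_t:s0 tcontext=system_u:system_r:demo_t:s0 tclass=process
type=SYSCALL msg=audit(1224070395.310:48): arch=c000003e syscall=10 success=no exit=-13 comm="demo_jit"
"""


def memprot_denials(log_text):
    """Return {(comm, source_type, perm): count} for memory-protection denials."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue  # not an AVC denial record (e.g. the paired SYSCALL record)
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group("fields"))}
        # scontext is user:role:type:level; the type is the confining domain.
        parts = fields.get("scontext", "").split(":")
        source_type = parts[2] if len(parts) > 2 else "?"
        # One record can carry several permissions; keep only the memory ones.
        for perm in set(match.group("perms").split()) & MEMPROT_PERMS:
            counts[(fields.get("comm", "?"), source_type, perm)] += 1
    return dict(counts)


if __name__ == "__main__":
    for (comm, domain, perm), n in sorted(memprot_denials(SAMPLE_LOG).items()):
        print(f"{comm:10} {domain:15} {perm:10} {n}")
```

Running it over the audit log before relabelling a binary shows which programs and domains actually hit these checks, so an exception can be scoped to the one that needs it.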

Comment 1 cgrim 2008-10-16 07:12:33 UTC
This is the same problem as in https://bugzilla.redhat.com/show_bug.cgi?id=467033

So I'm changing the status to CAN'T FIX ... and will contact NVIDIA.