Bug 467054

Summary: SELinux is preventing nexuiz-sdl from changing a writable memory segment executable.
Product: [Fedora] Fedora
Reporter: cgrim <cgrim>
Component: nexuiz
Assignee: Gwyn Ciesla <gwync>
Status: CLOSED CANTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
CC: gwync
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-10-20 18:49:57 UTC

Description cgrim 2008-10-15 14:13:28 UTC
Description of problem:
The nexuiz-sdl application attempted to change the access protection of memory (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If nexuiz-sdl does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed.

Version-Release number of selected component (if applicable):
Name       : nexuiz
Arch       : x86_64
Version    : 2.4.2
Release    : 3.fc10

How reproducible:
SELinux configured like this:
System Default Enforcing Mode = Enforcing
Current Enforcing Mode = Enforcing
System Default Policy Type = Targeted

Steps to Reproduce:
1. Enable SELinux as shown above
2. Log in to the GNOME desktop
3. Run Nexuiz
  
Actual results:
Nexuiz did not start and SELinux TroubleShooter shows this message: SELinux is preventing nexuiz-sdl from changing a writable memory segment executable.

Expected results:
Nexuiz starts correctly.

Additional info:
In Fedora 9 everything was OK.
Now in Fedora 10 I'm using this workaround:
chcon -t unconfined_execmem_exec_t '/usr/bin/nexuiz-sdl'

Similar problems:
https://bugzilla.redhat.com/show_bug.cgi?id=467033
https://bugzilla.redhat.com/show_bug.cgi?id=467034
https://bugzilla.redhat.com/show_bug.cgi?id=467035

Comment 1 Gwyn Ciesla 2008-10-15 14:38:14 UTC
See comment in https://bugzilla.redhat.com/show_bug.cgi?id=467033

Comment 2 Gwyn Ciesla 2008-10-20 18:49:57 UTC
nvidia driver issue.
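
For triaging denials like the one reported above, the following added example (not part of the bug report or of any Fedora tool) scans audit log lines for SELinux memory-protection denials and counts them per command and source domain. The log records are constructed samples, and the function names are illustrative.

```python
import re
from collections import Counter

# SELinux memory-protection permissions: execmem, execheap and execstack
# belong to the process class, execmod to the file class.
MEM_PERMS = {"execmem", "execheap", "execstack", "execmod"}

AVC_RE = re.compile(
    r'type=AVC msg=audit\([\d.]+:\d+\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = set(m.group("perms").split())
    return fields

def memory_denials(lines):
    """Yield (comm, permission, source type) for memory-protection denials."""
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in sorted(rec["perms"] & MEM_PERMS):
            # scontext is user:role:type:level; policy rules key on the type.
            stype = rec.get("scontext", ":::").split(":")[2]
            yield rec.get("comm", "?"), perm, stype

def summarize(lines):
    """Count memory-protection denials per (comm, permission, domain)."""
    return Counter(memory_denials(lines))

# Constructed sample records (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1224079999.101:45): avc:  denied  { execmem } for  pid=2960 comm="nexuiz-sdl" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1224080003.412:46): avc:  denied  { read } for  pid=2971 comm="httpd" name="index.html" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1224080010.007:47): avc:  denied  { execmem } for  pid=2988 comm="nexuiz-sdl" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
"""

if __name__ == "__main__":
    for (comm, perm, stype), n in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{comm}: {n} x {perm} denied in domain {stype}")
```

Grouping by command and domain shows which binaries would be affected before a file is relabeled with a type such as `unconfined_execmem_exec_t`.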