Bug 524852

Summary: setroubleshoot: SELinux is preventing /usr/bin/liferea "execmem" access on <Unknown>.
Product: [Fedora] Fedora Reporter: Alexey Torkhov <atorkhov>
Component: webkitgtkAssignee: Peter Gordon <peter>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: atorkhov, dwalsh, jkubin, martin.sourada, maxamillion, mbarnes, mgrepl, mtasaka, peter, smparrish, tc
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:853161d471c13af19cd6c69dbdc79a36f31d258a885eabc50f676eed6d42a29b
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 524762 Environment:
Last Closed: 2009-09-22 13:57:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 524762    
Bug Blocks:    

Description Alexey Torkhov 2009-09-22 13:42:55 UTC 
+++ This bug was initially created as a clone of Bug #524762 +++

Getting avcs from liferea on displaying of rss item:

node=rawhide.tortilla.ru type=AVC msg=audit(1253617043.92:245): avc: denied { execmem } for pid=12729 comm="liferea" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process 

node=rawhide.tortilla.ru type=SYSCALL msg=audit(1253617043.92:245): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=4000 a2=5 a3=22 items=0 ppid=1 pid=12729 auid=502 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=(none) ses=1 comm="liferea" exe="/usr/bin/liferea" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

--- Additional comment from dwalsh on 2009-09-22 09:17:02 EDT ---

yelp should not need execmem privs.  Neither should liferea, you can open a bugzilla on that package.

Are these both clean installs.  Did you install any additional "codecs"?

--- Additional comment from atorkhov on 2009-09-22 09:39:56 EDT ---

In my case this is absolutely clean install - no packages from other repositories.

Oh, and this avc for liferea is happening on display of rss item page - may be it and yelp both use same library for displaying html which should have execmem?
Comment 1 Steven M. Parrish 2009-09-22 13:53:15 UTC 
This appears to be an issue with webkitgtk which is used to render the html.  going to reassign there.
Comment 2 Alexey Torkhov 2009-09-22 13:57:00 UTC 
Seems that it is already reported as bug 516057.

*** This bug has been marked as a duplicate of bug 516057 ***