Bug 526333
| Summary: | setroubleshoot: Your system may be seriously compromised! /bin/dbus-daemon attempted to mmap low kernel memory. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Eric Paris <eparis> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:afcba5d89af3c33e1603872f4d15b2f8583e68877000a18914c891d911752055 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-10-05 14:11:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 525537 *** |
The following was filed automatically by setroubleshoot: Résumé: Your system may be seriously compromised! /bin/dbus-daemon attempted to mmap low kernel memory. Description détaillée: [dbus-daemon has a permissive type (system_dbusd_t). This access was not denied.] SELinux has denied the dbus-daemon the ability to mmap low area of the kernel address space. The ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. All applications that need this access should have already had policy written for them. If a compromised application tries modify the kernel this AVC would be generated. This is a serious issue. Your system may very well be compromised. Autoriser l'accès: Contact your security administrator and report this issue. Informations complémentaires: Contexte source system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 Contexte cible system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 Objets du contexte None [ memprotect ] source dbus-daemon Chemin de la source /bin/dbus-daemon Port <Inconnu> Hôte (removed) Paquetages RPM source dbus-1.2.16-5.fc12 Paquetages RPM cible Politique RPM selinux-policy-3.6.32-11.fc12 Selinux activé True Type de politique targeted MLS activé True Mode strict Enforcing Nom du plugin mmap_zero Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31.1-48.fc12.x86_64 #1 SMP Fri Sep 25 16:57:40 EDT 2009 x86_64 x86_64 Compteur d'alertes 6 Première alerte mar. 29 sept. 2009 19:50:03 CEST Dernière alerte mar. 29 sept. 2009 19:50:03 CEST ID local 9bbf1488-caac-47a0-837a-d077b59ea021 Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1254246603.310:9): avc: denied { mmap_zero } for pid=1292 comm="dbus-daemon" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=memprotect node=(removed) type=AVC msg=audit(1254246603.310:9): avc: denied { mmap_zero } for pid=1292 comm="dbus-daemon" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=memprotect node=(removed) type=AVC msg=audit(1254246603.310:9): avc: denied { mmap_zero } for pid=1292 comm="dbus-daemon" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=memprotect node=(removed) type=SYSCALL msg=audit(1254246603.310:9): arch=c000003e syscall=125 success=yes exit=0 a0=7fff55422f64 a1=0 a2=7fff5268ee80 a3=7fff0cd03ce0 items=0 ppid=1 pid=1292 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-11.fc12,mmap_zero,dbus-daemon,system_dbusd_t,system_dbusd_t,memprotect,mmap_zero audit2allow suggests: #============= system_dbusd_t ============== allow system_dbusd_t self:memprotect mmap_zero;