Bug 542237

Summary: SELinux is preventing hidcon.exe from loading /home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe which requires text relocation.
Product: [Fedora] Fedora Reporter: Alberto <dexapier>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:bd213c30f1723cf9dcea44309bd01f4b3b4ee418c7a5df40cae1909d118a761a
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-11-30 11:40:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alberto 2009-11-28 23:23:10 UTC 
Resúmen:

SELinux is preventing hidcon.exe from loading
/home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe which requires
text relocation.

Descripción Detallada:

[SELinux esta en modo permisivo. Este acceso no fue denegado.]

The hidcon.exe application attempted to load
/home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe which requires
text relocation. This is a potential security problem. Most libraries do not
need this permission. Libraries are sometimes coded incorrectly and request this
permission. The SELinux Memory Protection Tests
(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe to use relocation
as a workaround, until the library is fixed. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Permitiendo Acceso:

If you trust /home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe to
run correctly, you can change the file context to textrel_shlib_t. "chcon -t
textrel_shlib_t '/home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe'"
You must also change the default file context files on the system in order to
preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t
'/home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe'"

Comando para Corregir:

chcon -t textrel_shlib_t
'/home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe'

Información Adicional:

Contexto Fuente               unconfined_u:unconfined_r:unconfined_execmem_t:s0-
                              s0:c0.c1023
Contexto Destino              unconfined_u:object_r:user_home_dir_t:s0
Objetos Destino               /home/albert/.wine/drive_c/windows/temp/7zS379.tmp
                              /hidcon.exe [ file ]
Fuente                        hidcon.exe
Dirección de Fuente          /usr/bin/wine-preloader
Puerto                        <Desconocido>
Nombre de Equipo              (removed)
Paquetes RPM Fuentes          wine-core-1.1.32-1.fc11
Paquetes RPM Destinos         
RPM de Políticas             selinux-policy-3.6.12-86.fc11
SELinux Activado              True
Tipo de Política             targeted
Modo Obediente                Permissive
Nombre de Plugin              allow_execmod
Nombre de Equipo              (removed)
Plataforma                    Linux (removed) 2.6.30.9-96.fc11.i586 #1 SMP
                              Tue Nov 3 23:33:04 EST 2009 i686 i686
Cantidad de Alertas           1
Visto por Primera Vez         mar 10 nov 2009 00:55:59 CET
Visto por Última Vez         mar 10 nov 2009 00:55:59 CET
ID Local                      e7759f7e-5367-45d4-9c76-196c47cd7e7b
Números de Línea            

Mensajes de Auditoría Crudos 

node=(removed) type=AVC msg=audit(1257810959.229:20): avc:  denied  { execmod } for  pid=3594 comm="hidcon.exe" path="/home/albert/.wine/drive_c/windows/temp/7zS379.tmp/hidcon.exe" dev=sda6 ino=266668 scontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1257810959.229:20): arch=40000003 syscall=125 success=yes exit=0 a0=400000 a1=1000 a2=5 a3=1 items=0 ppid=3575 pid=3594 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="hidcon.exe" exe="/usr/bin/wine-preloader" subj=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.12-86.fc11,allow_execmod,hidcon.exe,unconfined_execmem_t,user_home_dir_t,file,execmod
audit2allow suggests:

#============= unconfined_execmem_t ==============
allow unconfined_execmem_t user_home_dir_t:file execmod;
Comment 1 Miroslav Grepl 2009-11-30 11:40:15 UTC 

*** This bug has been marked as a duplicate of bug 538428 ***