| Summary: | SELinux is preventing /usr/bin/wine-preloader from 'mmap_zero' accesses on the None . | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mikhail <mikhail.v.gavrilov> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | chico_de_mal_caracter, dominick.grift, dwalsh, johns2mt, mgrepl, mikhail.v.gavrilov |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:556de42f07a14aced49f309f1fd81291d8d0924f6c6268f28837f212304ae5df | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-01-30 12:15:34 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This is not something what we want to allow. The sealert tells you what to do. I just download SQLyog. Extract and begin install. Right, and wine requires access that we are not comfortable giving out by default. If you need this access, IE something actually blew up then turn on the boolean otherwise it is safer to keep it off. |
libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.2.2-1.fc16.i686.PAE reason: SELinux is preventing /usr/bin/wine-preloader from 'mmap_zero' accesses on the None . time: Вс. 29 янв. 2012 12:14:11 description: :SELinux is preventing /usr/bin/wine-preloader from 'mmap_zero' accesses on the None . : :***** Plugin wine (48.1 confidence) suggests ******************************* : :If you want to ignore this AVC because it is dangerous and your wine applications are working correctly. :Then you must tell SELinux about this by enabling the wine_mmap_zero_ignore boolean. :Do :# setsebool -P wine_mmap_zero_ignore 1 : :***** Plugin mmap_zero (48.1 confidence) suggests ************************** : :If you do not think /usr/bin/wine-preloader should need to mmap low memory in the kernel. :Then you may be under attack by a hacker, this is a very dangerous access. :Do :contact your security administrator and report this issue. : :***** Plugin catchall (5.26 confidence) suggests *************************** : :If you believe that wine-preloader should be allowed mmap_zero access on the <Unknown> by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 :Target Context unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 :Target Objects [ None ] :Source wine-preloader :Source Path /usr/bin/wine-preloader :Port <Unknown> :Host (removed) :Source RPM Packages :Target RPM Packages :Policy RPM <Unknown> :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.2.2-1.fc16.i686.PAE #1 SMP Thu Jan : 26 03:30:43 UTC 2012 i686 i686 :Alert Count 10 :First Seen Вс. 29 янв. 2012 12:13:43 :Last Seen Вс. 29 янв. 2012 12:13:55 :Local ID 3f5b6f3b-8c53-42e9-b653-a6b50def23e5 : :Raw Audit Messages :type=AVC msg=audit(1327817635.326:312): avc: denied { mmap_zero } for pid=6452 comm="wine-preloader" scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotectnode=(removed) type=SYSCALL msg=audit(1327817635.326:312): arch=40000003 syscall=90 success=no exit=-13 a0=bfc2cf38 a1=0 a2=bfc2cf38 a3=0 items=0 ppid=1 pid=6452 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="wine-preloader" exe="/usr/bin/wine-preloader" subj=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 key=(null) : : :Hash: wine-preloader,wine_t,wine_t,None,mmap_zero : :audit2allow : : :audit2allow -R : :