Description of problem: 1. Install steam from rpmfusion 2. Install Counter-Strike: Global Offensive 3. Launch CS:GO CSGO dies and I get an AVC denial. SELinux is preventing csgo_linux from using the 'execheap' accesses on a process. ***** Plugin allow_execheap (53.1 confidence) suggests ******************** If you do not think csgo_linux should need to map heap memory that is both writable and executable. Then you need to report a bug. This is a potentially dangerous access. Do contact your security administrator and report this issue. ***** Plugin catchall_boolean (42.6 confidence) suggests ****************** If you want to allow selinuxuser to execheap Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean. You can read 'None' man page for more details. Do setsebool -P selinuxuser_execheap 1 ***** Plugin catchall (5.76 confidence) suggests ************************** If you believe that csgo_linux should be allowed execheap access on processes labeled unconfined_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep csgo_linux /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects Unknown [ process ] Source csgo_linux Source Path csgo_linux Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-105.3.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.18.7-200.fc21.x86_64 #1 SMP Wed Feb 11 21:53:17 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-03-01 13:48:02 EST Last Seen 2015-03-01 13:48:02 EST Local ID f28eae1e-bd34-46f8-8a83-90e82b3ef77f Raw Audit Messages type=AVC msg=audit(1425235682.667:545): avc: denied { execheap } for pid=7448 comm="csgo_linux" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0 Hash: csgo_linux,unconfined_t,unconfined_t,process,execheap Version-Release number of selected component: selinux-policy-3.13.1-105.3.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.18.7-200.fc21.x86_64 type: libreport
If you want allow this, follow steps in your report. But we don't allow this.
*** Bug 1230735 has been marked as a duplicate of this bug. ***
Description of problem: Countr Strike Source was prevented by selinux from starting Version-Release number of selected component: selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.3-201.fc22.x86_64 type: libreport
Description of problem: starting Counter Strike Global Offensive Version-Release number of selected component: selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.3-201.fc22.x86_64 type: libreport
Description of problem: Countr Strike Global Offensive on launch Version-Release number of selected component: selinux-policy-3.13.1-128.12.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.6-200.fc22.x86_64 type: libreport