Red Hat Bugzilla – Bug 1467430
SELinux is preventing cossacks from using the 'execheap' accesses on a process.
Last modified: 2017-08-19 02:54:24 EDT
Description of problem: Just launch Cossacks 3 game from steam library SELinux is preventing cossacks from using the 'execheap' accesses on a process. ***** Plugin allow_execheap (53.1 confidence) suggests ******************** If you do not think cossacks should need to map heap memory that is both writable and executable. Then you need to report a bug. This is a potentially dangerous access. Do contact your security administrator and report this issue. ***** Plugin catchall_boolean (42.6 confidence) suggests ****************** If you want to allow selinuxuser to execheap Then you must tell SELinux about this by enabling the 'selinuxuser_execheap' boolean. Do setsebool -P selinuxuser_execheap 1 ***** Plugin catchall (5.76 confidence) suggests ************************** If you believe that cossacks should be allowed execheap access on processes labeled unconfined_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'cossacks' --raw | audit2allow -M my-cossacks # semodule -X 300 -i my-cossacks.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects Unknown [ process ] Source cossacks Source Path cossacks Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-259.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.11.8-300.fc26.x86_64+debug #1 SMP Thu Jun 29 19:47:25 UTC 2017 x86_64 x86_64 Alert Count 1 First Seen 2017-07-04 01:36:47 +05 Last Seen 2017-07-04 01:36:47 +05 Local ID 96f258a8-4ade-4bfc-9061-d7f81b89ee19 Raw Audit Messages type=AVC msg=audit(1499114207.64:17077): avc: denied { execheap } for pid=12962 comm="cossacks" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0 Hash: cossacks,unconfined_t,unconfined_t,process,execheap Version-Release number of selected component: selinux-policy-3.13.1-259.fc26.noarch Additional info: component: selinux-policy reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.11.8-300.fc26.x86_64+debug type: libreport
Description of problem: The game - Cossacks 3 - was clean installed via Steam on freshly install Fedora 26. Stable Mesa (current version 17.1.5) is used. Upon launch, the game states this error. Version-Release number of selected component: selinux-policy-3.13.1-260.4.fc26.noarch Additional info: reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.12.5-300.fc26.x86_64 type: libreport