Description of problem:
A third-party software InSpectre, which is a utility aimed at investigating issues related to Meltdown and Spectre attacks, was run as administrator.

$ su -c 'wine '/home/yk/Lataukset/InSpectre.exe''

SELinux is preventing wine-preloader from 'mmap_zero' accesses on the memprotect Unknown.

*****  Plugin mmap_zero (53.1 confidence) suggests   *************************

If you do not think wine-preloader should need to mmap low memory in the kernel.
Then you may be under attack by a hacker, this is a very dangerous access.
Do
contact your security administrator and report this issue.

*****  Plugin catchall_boolean (42.6 confidence) suggests   ******************

If you want to allow mmap to low allowed
Then you must tell SELinux about this by enabling the 'mmap_low_allowed' boolean.
Do
setsebool -P mmap_low_allowed 1

*****  Plugin catchall (5.76 confidence) suggests   **************************

If you believe that wine-preloader should be allowed mmap_zero access on the Unknown memprotect by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'wine-preloader' --raw | audit2allow -M my-winepreloader
# semodule -X 300 -i my-winepreloader.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                Unknown [ memprotect ]
Source                        wine-preloader
Source Path                   wine-preloader
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.14.1-19.fc28.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.16.2-300.fc28.x86_64 #1 SMP Thu Apr 12 14:58:07 UTC 2018 x86_64 x86_64
Alert Count                   4
First Seen                    2018-04-17 10:05:59 CEST
Last Seen                     2018-04-17 10:07:36 CEST
Local ID                      24205348-633c-4181-873a-1c4fb5027d26

Raw Audit Messages
type=AVC msg=audit(1523952456.304:325): avc: denied { mmap_zero } for pid=7322 comm="wine-preloader" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect permissive=0

Hash: wine-preloader,unconfined_t,unconfined_t,memprotect,mmap_zero

Version-Release number of selected component:
selinux-policy-3.14.1-19.fc28.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.4
hashmarkername: setroubleshoot
kernel:         4.16.2-300.fc28.x86_64
type:           libreport

Potential duplicate: bug 1278290
Created attachment 1422943
File: wine_InSpectre.txt
Hi,

It makes sense that SELinux blocks this, right? That tool is for testing critical security vulnerabilities and you reported a bug to allow this kind of access. It doesn't make sense.

If you would like to use it anyway, please use the following boolean from your report:

*****  Plugin catchall_boolean (42.6 confidence) suggests   ******************

If you want to allow mmap to low allowed
Then you must tell SELinux about this by enabling the 'mmap_low_allowed' boolean.
Do
setsebool -P mmap_low_allowed 1
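Added example, not part of the bug report or of setroubleshoot: a small triage script that parses raw AVC records like the one quoted in the report and picks out low-memory mapping denials (tclass=memprotect, permission mmap_zero), so they can be reviewed per process before anyone enables mmap_low_allowed system-wide. The function names are hypothetical, and the second sample line is constructed for contrast.

```python
import re

# First record is the raw audit message from the report above;
# the second is a constructed, unrelated denial used as a negative case.
SAMPLE_LINES = [
    'type=AVC msg=audit(1523952456.304:325): avc: denied { mmap_zero } for pid=7322 '
    'comm="wine-preloader" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect permissive=0',
    'type=AVC msg=audit(1523952460.100:330): avc: denied { read } for pid=7400 '
    'comm="httpd" scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0',
]

# Header: timestamp, serial, result and the permission set inside { }.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
# Trailing key=value pairs; values may be double-quoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the AVC record as a dict, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {key: value.strip('"') for key, value in KV_RE.findall(m.group('rest'))}
    rec['ts'] = float(m.group('ts'))
    rec['serial'] = int(m.group('serial'))
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    return rec

def low_memory_denials(lines):
    """Select denied mmap_zero requests and summarise who asked for them."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if (rec and rec['result'] == 'denied'
                and rec.get('tclass') == 'memprotect' and 'mmap_zero' in rec['perms']):
            hits.append({
                'comm': rec.get('comm'),
                'pid': int(rec['pid']),
                'domain': rec['scontext'].split(':')[2],   # SELinux type of the caller
                'enforced': rec.get('permissive') == '0',  # True: the mapping was blocked
            })
    return hits

if __name__ == '__main__':
    for hit in low_memory_denials(SAMPLE_LINES):
        print(hit)
```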