Bug 178971 - OpenOffice apps need execmem
OpenOffice apps need execmem
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openoffice.org (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Caolan McNamara
: Security
: 178670 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-25 16:06 EST by Daniel Walsh
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: 2.0.1.1-8.2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-27 04:09:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenOffice.org 47132 None None None Never

  None (edit)
Description Daniel Walsh 2006-01-25 16:06:45 EST
Description of problem:

javaldx
simpress.bin
soffice.bin

time->Mon Jan 23 13:45:59 2006
type=SYSCALL msg=audit(1138041959.854:3075): arch=40000003 syscall=192
success=yes exit=2203648 a0=0 a1=10000 a2=7 a3=22 items=0 pid=2953
auid=4294967295 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267
sgid=3267 fsgid=3267 comm="javaldx" exe="/usr/lib/openoffice.org2.0/program/javaldx"
type=AVC msg=audit(1138041959.854:3075): avc:  granted  { execmem } for 
pid=2953 comm="javaldx" scontext=user_u:system_r:unconfined_t:s0-s0:c0.c4
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c4 tclass=process
----
time->Mon Jan 23 10:08:25 2006
type=SYSCALL msg=audit(1138028905.062:2627): arch=40000003 syscall=192
success=yes exit=31760384 a0=0 a1=30000 a2=7 a3=22 items=0 pid=7589
auid=4294967295 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267
sgid=3267 fsgid=3267 comm="soffice.bin"
exe="/usr/lib/openoffice.org2.0/program/soffice.bin"
type=AVC msg=audit(1138028905.062:2627): avc:  granted  { execmem } for 
pid=7589 comm="soffice.bin" scontext=user_u:system_r:unconfined_t:s0-s0:c0.c4
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c4 tclass=process

----
time->Mon Jan 23 13:46:07 2006
type=SYSCALL msg=audit(1138041967.702:3077): arch=40000003 syscall=192
success=yes exit=11841536 a0=0 a1=10000 a2=7 a3=22 items=0 pid=2966
auid=4294967295 uid=3267 gid=3267 euid=3267 suid=3267 fsuid=3267 egid=3267
sgid=3267 fsgid=3267 comm="simpress.bin"
exe="/usr/lib/openoffice.org2.0/program/simpress.bin"
type=AVC msg=audit(1138041967.702:3077): avc:  granted  { execmem } for 
pid=2966 comm="simpress.bin" scontext=user_u:system_r:unconfined_t:s0-s0:c0.c4
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c4 tclass=process


http://people.redhat.com/drepper/selinux-mem.html
Comment 1 Caolan McNamara 2006-01-26 03:28:47 EST
*** Bug 178670 has been marked as a duplicate of this bug. ***
Comment 2 Caolan McNamara 2006-01-26 03:34:11 EST
All mem alloced by OOo is PROT_EXEC because some allocs need to be executable to
make the remote bridge uno stuff work, e.g. pyuno. 

But I think we should be able to turn off PROT_EXEC during alloc and mprotect it
at the bridge location.
Comment 3 Caolan McNamara 2006-01-27 04:09:00 EST
Hopefully 2.0.1.1-8.2 resolves this

Note You need to log in before you can comment on or make changes to this bug.