Description of problem:
On a freshly installed rawhide system:

audit(1142281782.485:707): avc: denied { execheap } for pid=32722 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process

Also: lots of:

audit(1142282037.478:751): avc: granted { execstack } for pid=1048 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process
audit(1142282037.478:752): avc: granted { execmem } for pid=1048 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.2.23-15
Can you tell me what I should be doing about the following?

audit(1142282037.478:751): avc: granted { execstack } for pid=1048 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process
audit(1142282037.478:752): avc: granted { execmem } for pid=1048 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process

Presumably some program needs to get fixed so that it doesn't need execstack and execmem privileges, but how do I find out which one? These messages trigger daily logwatch emails:

--------------------- Selinux Audit Begin ------------------------
*** Grants ***
user_u user_u (process): 81 times

so it's an annoyance. But before I configure logwatch to ignore grant messages, I figured I'd try to see if I can fix them properly.
The

audit(1144487527.582:5): avc: denied { execheap } for pid=8497 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process

message also appears on fc5 with glibc-2.4-4 and selinux-policy-2.2.29-3. It appears a few times every time prelink is run.
Added prelink policy. Fixed in current policy.
Confirmed.
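A triage helper for the AVC records quoted in this report, added here as an example (not code from the thread or from the SELinux project): it parses each record and tallies verdict, permission, command and source domain, and groups permissions by pid, so granted and denied events can be reviewed separately before any logwatch filter is applied. The function names are hypothetical; the sample lines are the ones from the report.

```python
import re
from collections import Counter

# AVC records copied verbatim from the report above.
SAMPLE = """\
audit(1142281782.485:707): avc: denied { execheap } for pid=32722 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process
audit(1142282037.478:751): avc: granted { execstack } for pid=1048 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process
audit(1142282037.478:752): avc: granted { execmem } for pid=1048 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process
audit(1144487527.582:5): avc: denied { execheap } for pid=8497 comm="ld-linux.so.2" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:system_r:crond_t:s0 tclass=process
"""

AVC_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<verdict>denied|granted)\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return one AVC record as a dict, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec.update(ts=float(m.group('ts')), serial=int(m.group('serial')),
               verdict=m.group('verdict'), perms=m.group('perms').split())
    return rec

def domain(context):
    """Extract the type from a user:role:type[:level] security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def records(text):
    return [r for r in map(parse_avc, text.splitlines()) if r]

def summarize(text):
    """Count events per (verdict, permission, comm, source domain)."""
    counts = Counter()
    for rec in records(text):
        for perm in rec['perms']:
            counts[(rec['verdict'], perm, rec.get('comm', '?'), domain(rec['scontext']))] += 1
    return counts

def perms_by_pid(text):
    """Map each pid to the sorted 'verdict permission' pairs it triggered."""
    out = {}
    for rec in records(text):
        out.setdefault(rec.get('pid', '?'), set()).update(f"{rec['verdict']} {p}" for p in rec['perms'])
    return {pid: sorted(v) for pid, v in out.items()}

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```
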