Red Hat Bugzilla – Bug 186108
Not allowing execmem and execmod breaks gnome desktop
Last modified: 2007-11-30 17:11:27 EST
Description of problem:
I installed FC5. /home was kept from previous FC4 install, but the problem
happened as root which has home directory on the new /.
I was using the default targeted policy in enforcing mode, had both gnome and
kde installed and tried to tighten up security but not disallowing executing out
of writeable memory (which was allowed by default).
This caused some problems when signed on using a gnome desktop. When I would
run the terminal program it would appear in the far upper left corner, was not
draggable and the menu bar was different (notably the 'X' close icon was
missing). I also couldn't get some of the gnome configuration applications
('windows') to run.
Version-Release number of selected component (if applicable):
This was the version on the FC5 DVD iso.
Steps to Reproduce:
setsebool -P allow_execmem=1 allow_execstack=1
should turn on these privs.
I have turned off execmem and execstack checking to be able to use the system.
I reported the issue because feedback on security features has been solicited
and I expect that at some point Gnome is supposed to work with those checks on
or policies specific to Gnome will allow them, so that they can be on by default
for other processes.
Please report the AVC messages?
Created attachment 128038
avc log extracts
I generated this file by running
grep AVC /var/log/audit/* | grep denied > avc
and then removed entries mentioning 'ifconfig' as I believe those were old
messages and didn't apply to the current issue.
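Added example, not part of the bug report or its attachment: a small triage script that goes one step past the grep pipeline above by keeping only the memory-execution denials (execmem, execmod, execstack, execheap), dropping a list of ignored commands such as ifconfig, and counting denials per process and target. The sample log lines, the program name "example-app" and the library name "libexample.so" are constructed for illustration; the field layout is assumed to follow the usual audit AVC record format.

```python
import re
from collections import Counter

# Permissions governed by the execmem/execmod/execstack checks discussed here.
MEM_PERMS = {"execmem", "execmod", "execstack", "execheap"}
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample lines (NOT taken from attachment 128038).
SAMPLE = '''\
/var/log/audit/audit.log:type=AVC msg=audit(1143000001.101:11): avc:  denied  { execmem } for  pid=2301 comm="gnome-terminal" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1143000002.202:12): avc:  denied  { execmem } for  pid=2317 comm="gnome-terminal" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1143000003.303:13): avc:  denied  { execmod } for  pid=2340 comm="example-app" name="libexample.so" dev=dm-0 ino=4242 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1142000004.404:14): avc:  denied  { read write } for  pid=1999 comm="ifconfig" name="[1234]" dev=sockfs ino=1234 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
/var/log/audit/audit.log:type=AVC msg=audit(1143000005.505:15): avc:  denied  { getattr } for  pid=2100 comm="example-app" name="notes.txt" dev=dm-0 ino=777 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
'''

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = set(m.group("perms").split())
    return fields

def summarize(lines, ignore_comms=("ifconfig",)):
    """Count memory-execution denials per (comm, permission, class, target)."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec.get("comm") in ignore_comms:
            continue
        target = rec.get("path") or rec.get("name") or "-"
        for perm in rec["perms"] & MEM_PERMS:
            key = (rec.get("comm", "?"), perm, rec.get("tclass", "?"), target)
            counts[key] += 1
    return counts

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE.splitlines()).items())
    for (comm, perm, tclass, target), n in rows:
        print(f"{n:3d}  {comm:16s} {perm:10s} {tclass:8s} {target}")
```

A per-process summary like this shows which programs would need a targeted policy exception, as opposed to turning the booleans on for every process.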
*** This bug has been marked as a duplicate of 189354 ***