Bug 186108 - Not allowing execmem and execmod breaks gnome desktop
Not allowing execmem and execmod breaks gnome desktop
Status: CLOSED DUPLICATE of bug 189354
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
5
All Linux
medium Severity low
: ---
: ---
Assigned To: Russell Coker
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-21 12:45 EST by Bruno Wolff III
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-20 11:09:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
avc log extracts (5.09 KB, text/plain)
2006-04-20 10:17 EDT, Bruno Wolff III
no flags Details

  None (edit)
Description Bruno Wolff III 2006-03-21 12:45:06 EST
Description of problem:
I installed FC5. /home was kept from previous FC4 install, but the problem
happened as root which has home directory on the new /.
I was using the default targetted policy in enforcing mode, had both gnome and
kde installed and tried to tighten up security but not disallowing executing out
of writeable memory (which was allowed by default).
This cause some problems when signed on using a gnome desktop. When I would
run the terminal program it would appear in the far upper left corner, was not
draggable and the menu bar was different (notablably the 'X' close icon was
missing). I also couldn't get some of the gnome configuration applications
('windows') to run.


Version-Release number of selected component (if applicable):
This was the version on the FC5 DVD iso.


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2006-04-03 12:24:15 EDT
setsebool -P allow_execmem=1 allow_execstack=1

should turn on these privs. 

Comment 2 Bruno Wolff III 2006-04-07 16:03:30 EDT
I have turned off execmem and execstack checking to be able to use the system.
I reported the issue because feedback on security features has been solicited
and   I expect that at some point Gnome is supposed to work with those checks on
or policies specific to Gnome will allow them, so that they can be on by default
for other processes.
Comment 3 Daniel Walsh 2006-04-11 16:58:19 EDT
Please report the AVC messages?
Comment 4 Bruno Wolff III 2006-04-20 10:17:45 EDT
Created attachment 128038 [details]
avc log extracts

I generated this file by running
grep AVC /var/log/audit/* | grep denied > avc
and then removed entries mentioning 'ifconfig' as I believe those were old
messages and didn't apply to the current issue.
Comment 5 Daniel Walsh 2006-04-20 11:09:28 EDT

*** This bug has been marked as a duplicate of 189354 ***

Note You need to log in before you can comment on or make changes to this bug.