2103947 – httpd_execmem required potentially unsafe

Bug 2103947 - httpd_execmem required potentially unsafe

Summary: httpd_execmem required potentially unsafe

Keywords:
Status:	ASSIGNED
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	lighttpd
Sub Component:
Version:	epel9
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Gwyn Ciesla
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-07-05 11:22 UTC by Jeffrey
Modified:	2022-07-28 16:05 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Jeffrey 2022-07-05 11:22:55 UTC

SELinux is preventing /usr/sbin/lighttpd from using the execmem access on a process

Stopping these errors requires manually setting the httpd_execmem boolean to true. RHEL documentation explains that setting this boolean to true lowers protection from buffer overflows and is potentially unsafe.

Is this an lighttpd issue? Should this be patched upstream or downstream?

Comment 1 Gwyn Ciesla 2022-07-28 16:05:43 UTC

This is an SELinux policy issue. I believe it's been fixed in Fedora, and I'm not sure what the process is for getting that in EL-9.

Note You need to log in before you can comment on or make changes to this bug.