Bug 250879 - SELinux-Boolean-Memory Protection Lines Allowed By Default
SELinux-Boolean-Memory Protection Lines Allowed By Default
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
7
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-03 21:31 EDT by rk00253
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-06 09:59:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
KEdit file (1.26 KB, text/plain)
2007-08-03 21:31 EDT, rk00253
no flags Details

  None (edit)
Description rk00253 2007-08-03 21:31:11 EDT
Description of problem:
By default, two SELinux-Boolean-Memory Protection lines are "allowed":
1 - "Allow unconfined executables to make their stack executable"
2 - "Allow Unconfined Executables to map a memory region as both executable and
writable".  Both lines include warnings to the effect that, if allowed, "this
executable" should be reported to bugzilla.  I reported this same situation as
Bug#235103 for Fedora Core 6, but didn't have any additional information to add
to that bug report.  That report is now closed.

Version-Release number of selected component (if applicable):
ver. 2.6.4-29.fc7


How reproducible:
New install, with default packages installed.
Comment 1 rk00253 2007-08-03 21:31:11 EDT
Created attachment 160684 [details]
KEdit file
Comment 2 rk00253 2007-08-03 22:40:23 EDT
I didn't realize that when the new install of Fedora 7 updated, SELinux Policy
also updated.  The correct version is: 2.6.4-30.fc7.
Comment 3 Daniel Walsh 2007-08-06 09:59:10 EDT
This is intended for FC7 to have these turned on.  The problem is lots of
applications have this bad behavior built into them, and we wanted to give
applications a chance to fix these problems.  Currently Rawhide/FC8 has them
turned off by default.
Comment 4 rk00253 2007-08-08 12:24:01 EDT
Here is the response from the Livna Bugzilla team concerning the SELinux lines
in question:

"Thx for this feedback Rqbert L. Kief !

That was hard but now this issue have to be documented!
Maybe we (Steward and I) can raise this problem to nvidia; but until then, we
need to have this info written in our Fedora forums...

I will update the french wiki as soon as i'm back from vacation..."

Obviously, they were unaware of the SELinux-Memory Protection issue.  Would I be
correct in assuming that the various bugzilla groups depend on the users to let
them know of these interconnected problems?  Would that be the reason that the
warning text was left on the indicated lines in the Memory Protection area? 
This is the only way to bring these problems to the attention of the required
groups?

Thanks,
RLK

Note You need to log in before you can comment on or make changes to this bug.