Bug 250879 - SELinux-Boolean-Memory Protection Lines Allowed By Default
Summary: SELinux-Boolean-Memory Protection Lines Allowed By Default
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 7
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2007-08-04 01:31 UTC by rk00253
Modified: 2007-11-30 22:12 UTC

Clone Of:
Last Closed: 2007-08-06 13:59:10 UTC

Attachments
KEdit file (1.26 KB, text/plain)
2007-08-04 01:31 UTC, rk00253

Description rk00253 2007-08-04 01:31:11 UTC
Description of problem:
By default, two SELinux-Boolean-Memory Protection lines are "allowed":
1 - "Allow unconfined executables to make their stack executable"
2 - "Allow Unconfined Executables to map a memory region as both executable and
writable".  Both lines include warnings to the effect that, if allowed, "this
executable" should be reported to bugzilla.  I reported this same situation as
Bug#235103 for Fedora Core 6, but didn't have any additional information to add
to that bug report.  That report is now closed.

Version-Release number of selected component (if applicable):
ver. 2.6.4-29.fc7

How reproducible:
New install, with default packages installed.

Comment 1 rk00253 2007-08-04 01:31:11 UTC
Created attachment 160684
KEdit file

Comment 2 rk00253 2007-08-04 02:40:23 UTC
I didn't realize that when the new install of Fedora 7 updated, SELinux Policy
also updated.  The correct version is: 2.6.4-30.fc7.

Comment 3 Daniel Walsh 2007-08-06 13:59:10 UTC
This is intended for FC7 to have these turned on.  The problem is lots of
applications have this bad behavior built into them, and we wanted to give
applications a chance to fix these problems.  Currently Rawhide/FC8 has them
turned off by default.
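
The two behaviors named in this report (an executable stack, and a memory region mapped both writable and executable) can be looked for per process in `/proc/<pid>/maps`. The following is an added example, not part of the bug report or of selinux-policy; the sample mappings are constructed and the function names are hypothetical.

```python
import re

# Constructed sample in /proc/<pid>/maps format (not taken from the bug report).
SAMPLE_MAPS = """\
08048000-08052000 r-xp 00000000 08:01 131085     /usr/bin/example
08052000-08053000 rw-p 0000a000 08:01 131085     /usr/bin/example
09a3c000-09a5d000 rw-p 00000000 00:00 0          [heap]
b7c00000-b7c21000 rwxp 00000000 00:00 0
b7f10000-b7f2b000 r-xp 00000000 08:01 262200     /lib/ld-2.6.so
bfd4e000-bfd63000 rwxp 00000000 00:00 0          [stack]
"""

# address range, permissions, offset, device, inode, optional pathname
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+\S+\s+\S+\s+\d+\s*(.*)$"
)

def find_risky_mappings(maps_text):
    """Return (kind, start, end, perms, name) for each exec-stack or W+X region.

    This is a snapshot heuristic: a region that is only briefly writable and
    executable may not be visible at the moment the file is read.
    """
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines
        start, end, perms, name = m.groups()
        name = name.strip()
        writable, executable = perms[1] == "w", perms[2] == "x"
        if name.startswith("[stack") and executable:
            # Stack mapped executable: the first behavior in the report.
            findings.append(("exec-stack", start, end, perms, name))
        elif writable and executable:
            # Region both writable and executable: the second behavior.
            findings.append(("write+exec", start, end, perms, name or "[anonymous]"))
    return findings

def scan_pid(pid):
    """Scan a live process; requires permission to read /proc/<pid>/maps."""
    with open(f"/proc/{pid}/maps") as fh:
        return find_risky_mappings(fh.read())

if __name__ == "__main__":
    for finding in find_risky_mappings(SAMPLE_MAPS):
        print(*finding)
```
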

Comment 4 rk00253 2007-08-08 16:24:01 UTC
Here is the response from the Livna Bugzilla team concerning the SELinux lines
in question:

"Thx for this feedback Rqbert L. Kief!

That was hard but now this issue has to be documented!
Maybe we (Steward and I) can raise this problem to nvidia; but until then, we
need to have this info written in our Fedora forums...

I will update the French wiki as soon as I'm back from vacation..."

Obviously, they were unaware of the SELinux-Memory Protection issue.  Would I be
correct in assuming that the various bugzilla groups depend on the users to let
them know of these interconnected problems?  Would that be the reason that the
warning text was left on the indicated lines in the Memory Protection area? 
This is the only way to bring these problems to the attention of the required

