Description of problem:
When starting OOo calc, I get a SELinux alert.

Version-Release number of selected component (if applicable):
1:2.3.0-6.4.fc7

How reproducible:
Always

Steps to Reproduce:
1. Open OpenOffice.Org Calc

Actual results:
SELinux alert

Expected results:
No SELinux alert

Additional info:

Summary
SELinux is preventing /usr/lib/openoffice.org/program/scalc.bin from changing the access protection of memory on the heap.

Detailed Description
The /usr/lib/openoffice.org/program/scalc.bin application attempted to change the access protection of memory on the heap (e,g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. If /usr/lib/openoffice.org/program/scalc.bin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Allowing Access
If you want /usr/lib/openoffice.org/program/scalc.bin to continue, you must turn on the allow_execheap boolean. Note: This boolean will affect all applications on the system.
The following command will allow this access:
setsebool -P allow_execheap=1

Additional Information
Source Context        user_u:system_r:unconfined_execmem_t
Target Context        user_u:system_r:unconfined_execmem_t
Target Objects        None [ process ]
Affected RPM Packages openoffice.org-calc-2.3.0-6.4.fc7 [application]
Policy RPM            selinux-policy-2.6.4-49.fc7
Selinux Enabled       True
Policy Type           targeted
MLS Enabled           True
Enforcing Mode        Enforcing
Plugin Name           plugins.allow_execheap
Host Name             medora-desktop
Platform              Linux medora-desktop 2.6.23.1-10.fc7 #1 SMP Fri Oct 19 15:39:08 EDT 2007 i686 athlon
Alert Count           1
First Seen            Sa 03 Nov 2007 00:39:35 CET
Last Seen             Sa 03 Nov 2007 00:39:35 CET
Local ID              2d3c3908-5fd6-433b-8be7-37f73470c225
Line Numbers

Raw Audit Messages
avc: denied { execheap } for comm="scalc.bin" egid=502 euid=502 exe="/usr/lib/openoffice.org/program/scalc.bin" exit=-13 fsgid=502 fsuid=502 gid=502 items=0 pid=25264 scontext=user_u:system_r:unconfined_execmem_t:s0 sgid=502 subj=user_u:system_r:unconfined_execmem_t:s0 suid=502 tclass=process tcontext=user_u:system_r:unconfined_execmem_t:s0 tty=(none) uid=502
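
Added example, not part of the report or of setroubleshoot: because allow_execheap applies to every application on the system, it helps to see which executables in which domains actually hit the denial before touching the boolean. The sketch below parses raw audit messages in the format shown above and groups memory-protection denials by source domain and permission; the first sample line is the one from this report, and the other sample lines (including the swriter.bin path and pid values) are constructed.

```python
import re
import shlex
from collections import defaultdict

# Permissions guarding executable-memory operations (execmod is checked on
# files, the other three on processes).
MEM_PERMS = {"execheap", "execmem", "execstack", "execmod"}
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

# First entry is the raw audit message from the report; the rest are constructed.
SAMPLE = [
    'avc: denied { execheap } for comm="scalc.bin" egid=502 euid=502 exe="/usr/lib/openoffice.org/program/scalc.bin" exit=-13 fsgid=502 fsuid=502 gid=502 items=0 pid=25264 scontext=user_u:system_r:unconfined_execmem_t:s0 sgid=502 subj=user_u:system_r:unconfined_execmem_t:s0 suid=502 tclass=process tcontext=user_u:system_r:unconfined_execmem_t:s0 tty=(none) uid=502',
    'avc: denied { execheap } for comm="swriter.bin" exe="/usr/lib/openoffice.org/program/swriter.bin" pid=4242 scontext=user_u:system_r:unconfined_execmem_t:s0 tclass=process tcontext=user_u:system_r:unconfined_execmem_t:s0',
    'avc: denied { read } for comm="httpd" name="index.html" pid=777 scontext=system_u:system_r:httpd_t:s0 tclass=file tcontext=user_u:object_r:user_home_t:s0',
    'kernel: unrelated log line',
]

def parse_avc(line):
    """Return the fields of one 'avc: denied' record, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    try:
        tokens = shlex.split(m.group("rest"))  # keeps quoted values intact
    except ValueError:                         # unbalanced quote in the record
        tokens = m.group("rest").split()
    fields = {k: v for k, sep, v in (t.partition("=") for t in tokens) if sep}
    fields["perms"] = set(m.group("perms").split())
    return fields

def domain(context):
    """Type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def triage(lines):
    """Map (source domain, permission) -> executables denied that permission."""
    hits = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        for perm in rec["perms"] & MEM_PERMS:
            hits[(domain(rec.get("scontext", "")), perm)].add(rec.get("exe") or rec.get("comm", "?"))
    return dict(hits)

if __name__ == "__main__":
    for (dom, perm), exes in sorted(triage(SAMPLE).items()):
        print(f"{dom} {perm}: {', '.join(sorted(exes))}")
```
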
Also happens with writer..
But we *do* follow Ulrich's suggestions for getting anonymous executable memory. And it launches just fine for me on enforcing mode on an up to date F-7 box. And there's no use of mprotect by OOo directly by itself. Have you anything *else* going on, e.g. can you launch glxgears (from glx-utils)?
> And it launches just fine for me on enforcing mode on an up to date F-7 box.

It launches for me, also. But I get that SELinux warning. Now closed everything (Evolution, Rhythmbox, Update notifier application) and I did not get any warning.
I mean, it launches for me and there are no selinux warnings at all.
Weird, now I do not get them anymore. I'll reopen when I re-experience the bug.
I'm reopening, since I'm getting this now on a fully updated F-8 box.
openoffice.org-calc-2.3.0-6.6.fc8, i386 architecture
And I have a fully up to date F-8 box with selinux enabled in targeted mode on i386 and no problems with OOo. So what's the output of ...

grep drivers /var/log/Xorg.0.log
Using the nvidia driver - /usr/lib/xorg/modules//drivers/nvidia_drv.so

Is this a "you're using proprietary crud, you get what you asked for" issue?

BTW, I also get that on swriter now.
Well, the deadly finger of suspicion points to it, or to the replacement libGL* libraries that I believe come with the nvidia X driver. If this can be reproduced *without* the nvidia driver then that's another story of course. Nevertheless, what's the source and version of your nvidia driver, some specific rpm from livna.org or directly from nvidia as some tarball/alternative rpm?
xorg-x11-drv-nvidia-100.14.19-4.lvn8 from livna

I'll switch back to mesa tonight and see.
I also used the NVIDIA driver from Livna.
Switching from nvidia gets rid of the messages, and then switching back brought them back again.

Thanks, sorry for the misleading bug report.
I'm experiencing the same problem with the ATI proprietary driver from Livna, so it's not NVidia specific. Could it be that ATI and NVidia are making the same mistakes? o_O
*** Bug 448052 has been marked as a duplicate of this bug. ***