Bug 411281 - SELinux is preventing /opt/google-earth/googleearth-bin from changing the access protection of memory on the heap.
SELinux is preventing /opt/google-earth/googleearth-bin from changing the acc...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
i686 Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-12-04 18:42 EST by Andy Blight
Modified: 2007-12-05 10:42 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-12-05 10:42:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andy Blight 2007-12-04 18:42:01 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20070914 Firefox/

Description of problem:
The /opt/google-earth/googleearth-bin application attempted to change the
    access protection of memory on the heap (e,g., allocated using malloc).
    This is a potential security problem.  Applications should not be doing
    this. Applications are sometimes coded incorrectly and request this
    permission.  The http://people.redhat.com/drepper/selinux-mem.html web page
    explains how to remove this requirement.  If /opt/google-earth/googleearth-
    bin does not work and you need it to work, you can configure SELinux
    temporarily to allow this access until the application is fixed. 

Version-Release number of selected component (if applicable):

How reproducible:
Couldn't Reproduce

Steps to Reproduce:
1. Clicked on placemark link in GoogleEarth newsletter email.
2. After file downloaded, GoogleEarth was started.
3. Selinx generated warning.

Actual Results:
Selinux generated this warning, so I'm sending it in as requested.

Expected Results:
selinx warning should not happen, but this is probably a googleearth problem, so they should fix it.

Additional info:
Source Context                user_u:system_r:unconfined_t
Target Context                user_u:system_r:unconfined_t
Target Objects                None [ process ]
Affected RPM Packages         
Policy RPM                    selinux-policy-2.6.4-57.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execheap
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain #1 SMP
                              Thu Nov 1 21:09:24 EDT 2007 i686 athlon
Alert Count                   5
First Seen                    Mon 05 Nov 2007 12:52:03 PM GMT
Last Seen                     Tue 04 Dec 2007 11:13:26 PM GMT
Local ID                      b403a634-3ae3-49af-b249-fc2ea946f7e4
Line Numbers                  

Raw Audit Messages            

avc: denied { execheap } for comm="googleearth-bin" egid=500 euid=500 exe="/opt
/google-earth/googleearth-bin" exit=-13 fsgid=500 fsuid=500 gid=500 items=0
pid=2722 scontext=user_u:system_r:unconfined_t:s0 sgid=500
subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=process
tcontext=user_u:system_r:unconfined_t:s0 tty=(none) uid=500
Comment 1 Daniel Walsh 2007-12-05 10:42:59 EST
Yes report this to google.  I have just installed it on my Rawhide system, and I
am not seeing any avc's.

Thanks for reporting this and make sure you point them at this link


Note You need to log in before you can comment on or make changes to this bug.