From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7

Description of problem:
The /opt/google-earth/googleearth-bin application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The http://people.redhat.com/drepper/selinux-mem.html web page explains how to remove this requirement. If /opt/google-earth/googleearth-bin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed.

Version-Release number of selected component (if applicable):
selinux-policy-2.6.4-57.fc7

How reproducible:
Couldn't Reproduce

Steps to Reproduce:
1. Clicked on placemark link in GoogleEarth newsletter email.
2. After file downloaded, GoogleEarth was started.
3. SELinux generated warning.

Actual Results:
SELinux generated this warning, so I'm sending it in as requested.

Expected Results:
SELinux warning should not happen, but this is probably a googleearth problem, so they should fix it.

Additional info:
Source Context         user_u:system_r:unconfined_t
Target Context         user_u:system_r:unconfined_t
Target Objects         None [ process ]
Affected RPM Packages
Policy RPM             selinux-policy-2.6.4-57.fc7
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Enforcing
Plugin Name            plugins.allow_execheap
Host Name              localhost.localdomain
Platform               Linux localhost.localdomain 2.6.23.1-21.fc7 #1 SMP Thu Nov 1 21:09:24 EDT 2007 i686 athlon
Alert Count            5
First Seen             Mon 05 Nov 2007 12:52:03 PM GMT
Last Seen              Tue 04 Dec 2007 11:13:26 PM GMT
Local ID               b403a634-3ae3-49af-b249-fc2ea946f7e4
Line Numbers

Raw Audit Messages
avc: denied { execheap } for comm="googleearth-bin" egid=500 euid=500 exe="/opt/google-earth/googleearth-bin" exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=2722 scontext=user_u:system_r:unconfined_t:s0 sgid=500 subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=process tcontext=user_u:system_r:unconfined_t:s0 tty=(none) uid=500

Yes, report this to Google. I have just installed it on my Rawhide system, and I am not seeing any avc's. Thanks for reporting this and make sure you point them at this link http://people.redhat.com/~drepper/selinux-mem.html
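
For triage of alerts like the one in this report, the following is an added example (not part of the original bug report or of setroubleshoot) that parses raw AVC denial messages and picks out the SELinux memory-protection checks. The names parse_avc, memory_findings and MEM_CHECKS are hypothetical, the second sample line is constructed, and it assumes the merged message format shown above, where exit is the syscall return value.

```python
import errno
import re

# (tclass, permission) pairs for SELinux's memory-protection checks.
MEM_CHECKS = {
    ("process", "execheap"): "heap memory made executable",
    ("process", "execmem"): "anonymous or writable private mapping made executable",
    ("process", "execstack"): "stack made executable",
    ("file", "execmod"): "modified file mapping made executable (text relocation)",
}
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields

def memory_findings(lines):
    """List memory-protection denials with the offending binary and outcome."""
    out = []
    for rec in filter(None, map(parse_avc, lines)):
        for perm in rec["perms"]:
            why = MEM_CHECKS.get((rec.get("tclass"), perm))
            if why:
                # exit=-13 (-EACCES) means the call was refused, i.e. enforcing mode.
                blocked = rec.get("exit") == str(-errno.EACCES)
                out.append({"perm": perm, "exe": rec.get("exe"), "pid": rec.get("pid"),
                            "domain": rec.get("scontext"), "why": why, "blocked": blocked})
    return out

# Raw audit message from the report above.
REPORT_LINE = (
    'avc: denied { execheap } for comm="googleearth-bin" egid=500 euid=500 '
    'exe="/opt/google-earth/googleearth-bin" exit=-13 fsgid=500 fsuid=500 gid=500 '
    'items=0 pid=2722 scontext=user_u:system_r:unconfined_t:s0 sgid=500 '
    'subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=process '
    'tcontext=user_u:system_r:unconfined_t:s0 tty=(none) uid=500')
# Constructed line: an unrelated denial that must not be reported.
OTHER_LINE = 'avc: denied { read } for comm="example" exit=-13 pid=4242 tclass=file'

if __name__ == "__main__":
    for finding in memory_findings([REPORT_LINE, OTHER_LINE]):
        print(finding)
```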