Bug 435828 - SELinux is preventing /lib/ld-2.6.so from changing the access protection of memory on the heap.
SELinux is preventing /lib/ld-2.6.so from changing the access protection of m...
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
7
i386 Linux
low Severity low
: ---
: ---
Assigned To: Josef Kubin
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-03 20:27 EST by Lawrence C. Manalac
Modified: 2008-03-07 11:18 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-07 11:18:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lawrence C. Manalac 2008-03-03 20:27:21 EST
The /lib/ld-2.6.so application attempted to change the access protection of
memory on the heap (e,g., allocated using malloc). This is a potential security
problem. Applications should not be doing this. Applications are sometimes coded
incorrectly and request this permission. The SELinux Memory Protection Tests web
page explains how to remove this requirement. If /lib/ld-2.6.so does not work
and you need it to work, you can configure SELinux temporarily to allow this
access until the application is fixed. Please file a bug report against this
package.


Source Context:  user_u:system_r:unconfined_tTarget
Context:  user_u:system_r:unconfined_tTarget Objects:  None [ process ]Affected
RPM Packages:  glibc-2.6-4 [application]Policy
RPM:  selinux-policy-2.6.4-70.fc7Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.allow_execheapHost
Name:  sdhcp-m-38.tpgi.com.auPlatform:  Linux sdhcp-m-38.tpgi.com.au
2.6.23.15-80.fc7 #1 SMP Sun Feb 10 17:29:10 EST 2008 i686 i686Alert
Count:  2First Seen:  Mon 03 Mar 2008 11:52:27 AM ESTLast Seen:  Mon 03 Mar 2008
06:09:07 PM ESTLocal ID:  6d9c914c-a17e-4c1e-8713-643c7a9cac21Line Numbers:  Raw
Audit Messages :avc: denied { execheap } for comm="ld-linux.so.2" egid=500
euid=500 exe="/lib/ld-2.6.so" exit=-13 fsgid=500 fsuid=500 gid=500 items=0
pid=25075 scontext=user_u:system_r:unconfined_t:s0 sgid=500
subj=user_u:system_r:unconfined_t:s0 suid=500 tclass=process
tcontext=user_u:system_r:unconfined_t:s0 tty=(none) uid=500
Comment 1 Josef Kubin 2008-03-07 11:18:40 EST
It doesn't look as a problem of SELinux. SELinux has revealed a badly written
application ...

To fix your problem try to tweak sebooleans:

# /usr/sbin/setsebool -P allow_execheap=1

Note You need to log in before you can comment on or make changes to this bug.