Description of problem: updated did a full update one month after last update and it updated the kernel and openoffice on fc7 AMD system Version-Release number of selected component (if applicable): openoffice.org-impress - 1:2.3.0-6.8.fc7.i386 kernel - 2.6.23.17-88.fc7.i686 kernel-devel - 2.6.23.17-88.fc7.i686 kernel-headers - 2.6.23.17-88.fc7.i386 plus others How reproducible: everytime Steps to Reproduce: 1. starting ooo.org presentation 2. 3. Actual results: blocked by SELinux Expected results: ooo.org software not to access the memory heap. Additional info: Source Context: user_u:system_r:unconfined_execmem_t Target Context: user_u:system_r:unconfined_execmem_t Target Objects: None [ process ] Affected RPM Packages: openoffice.org-impress-2.3.0-6.8.fc7 [application] Policy RPM: selinux-policy-2.6.4-70.fc7 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.allow_execheap Host Name: localhost.localdomain Platform: Linux localhost.localdomain 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:35:10 EDT 2008 i686 athlon Alert Count: 1 First Seen: Thu 22 May 2008 11:22:33 PM PDT Last Seen: Thu 22 May 2008 11:27:04 PM PDT Local ID: 73d8dc12-f9c1-4b19-a63a-388539a4b6f9 Line Numbers: Raw Audit Messages : avc: denied { execheap } for comm="simpress.bin" egid=500 euid=500 exe="/usr/lib/openoffice.org/program/simpress.bin" exit=-13 fsgid=500 fsuid=500 gid=500 items=0 pid=2958 scontext=user_u:system_r:unconfined_execmem_t:s0 sgid=500 subj=user_u:system_r:unconfined_execmem_t:s0 suid=500 tclass=process tcontext=user_u:system_r:unconfined_execmem_t:s0 tty=(none) uid=500
Situations when SELinux policy prevents application from correct operation are not security vulnerabilities, but rather bug in policy or application. There does not seem to be any recent change in F7 selinux policy packages. Possibly some regression in kernel execmem handling code? Have you tried booting to previous kernel?
execheap is an unusual thing to do and is probably a bug in open office. You can allow this via allow_execheap boolean.
The number 1 reason to see this is having a 3rd party X driver which comes bundled with some opengl libraries where it is *those* libraries that cause the problem rather than a bug in openoffice.org. Do you have a nvidia binary driver, or something of that nature ?
So what X driver are you using ? i.e. I suspect this is a duplicate of bug 364871
I'm extraordinarily confident that this is related to some replacement opengl libraries installed when e.g. a nvidia propitiatory driver was installed. And is is those libraries that cause the selinux error. *** This bug has been marked as a duplicate of 364871 ***