Bug 467034 - SELinux is preventing compiz from changing a writable memory segment executable.
SELinux is preventing compiz from changing a writable memory segment executable.
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: compiz (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Kristian Høgsberg
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-15 07:33 EDT by cgrim
Modified: 2008-10-16 03:12 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-16 03:12:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description cgrim 2008-10-15 07:33:01 EDT
Description of problem:
The compiz application attempted to change the access protection of memory (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If compiz does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed.

Version-Release number of selected component (if applicable):
Name       : compiz
Arch       : x86_64
Version    : 0.7.6
Release    : 11.fc10

How reproducible:
SELinux configured like this:
System Default Enforcing Mode = Enforcing
Current Enforcing Mode = Enforcing
System Default Policy Type = Targeted

Steps to Reproduce:
1. Enable SELinux as it's shown above
2. Login into the Gnome desktop
3. Run Compiz
  
Actual results:
Compiz did not start and SELinux TroubleShooter shows this message: SELinux is preventing compiz from changing a writable memory segment executable.

Expected results:
Compiz starts correctly.

Additional info:
Now I'm using this workaround:
chcon -t unconfined_execmem_exec_t '/usr/bin/compiz'
Comment 1 cgrim 2008-10-16 03:12:33 EDT
There is the same problem as in https://bugzilla.redhat.com/show_bug.cgi?id=467033

So I'm changing status on CAN'T FIX ... and will contact nvidia.

Note You need to log in before you can comment on or make changes to this bug.