I get this every time I start Opera (9.60). If you need additional info, let me know. Zusammenfassung: SELinux is preventing operapluginwrap from making the program stack executable. Detaillierte Beschreibung: The operapluginwrap application attempted to make its stack executable. This is a potential security problem. This should never ever be necessary. Stack memory is not executable on most OSes these days and this will not change. Executable stack memory is one of the biggest security problems. An execstack error might in fact be most likely raised by malicious code. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. If operapluginwrap does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Zugriff erlauben: Sometimes a library is accidentally marked with the execstack flag, if you find a library with this flag you can clear it with the execstack -c LIBRARY_PATH. Then retry your application. If the app continues to not work, you can turn the flag back on with execstack -s LIBRARY_PATH. Otherwise, if you trust operapluginwrap to run correctly, you can change the context of the executable to unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t '/usr/lib/opera/9.60/operapluginwrapper'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t '/usr/lib/opera/9.60/operapluginwrapper'" Fixer Befehl: chcon -t unconfined_execmem_exec_t '/usr/lib/opera/9.60/operapluginwrapper' Zusätzliche Informationen: Quellkontext unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Zielkontext unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Zielobjekte None [ process ] Quelle exaile Quellen-Pfad /usr/bin/python Port <Unbekannt> Host sierravista.nyetwork Quellen-RPM-Pakete opera-9.60-2424.gcc4.shared.qt3 Ziel-RPM-Pakete RPM-Richtlinie selinux-policy-3.5.13-1.fc10 SELinux aktiviert True Richtlinienversion targeted MLS aktiviert True Enforcing-Modus Enforcing Plugin-Name allow_execstack Hostname sierravista.nyetwork Plattform Linux sierravista.nyetwork 2.6.27.2-23.rc1.fc10.i686 #1 SMP Fri Oct 17 00:07:31 EDT 2008 i686 i686 Anzahl der Alarme 43 Zuerst gesehen So 12 Okt 2008 19:34:38 CEST Zuletzt gesehen So 19 Okt 2008 15:05:18 CEST Lokale ID 6cae6a4b-155e-4814-8f14-f06a8f952cca Zeilennummern Raw-Audit-Meldungen node=sierravista.nyetwork type=AVC msg=audit(1224421518.509:116): avc: denied { execstack } for pid=5342 comm="operapluginwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process node=sierravista.nyetwork type=SYSCALL msg=audit(1224421518.509:116): arch=40000003 syscall=125 success=no exit=-13 a0=bfb3a000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=5324 pid=5342 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=3 comm="operapluginwrap" exe="/usr/lib/opera/9.60/operapluginwrapper" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
Did you try the suggested fixes in the troubleshoot? Did you report this bug to Opera? This link explains what the prolem is. http://people.redhat.com/~drepper/selinux-mem.html Did the opera plugin actually work?
After running the fixer commands, it worked. Before that, no. I reported it to Opera. Can you actually do something with these AVC denials, or should I report them directly to the author of the program? How can I know whether it is a SELinux bug or an application bug?
Reporting them to me is fine. I will reroute if they are applications bugs. Tools that require exec(stack, mod, heap, mem) are usually coding problems in how an applciation was built.