Description of problem: gnome-help tried to change a writable memory segment executable. Version-Release number of selected component (if applicable):Source RPM Packages: yelp-2.26.0-3.fc11 How reproducible: click "help" icon when setting mouse preferences Steps to Reproduce: 1. System > Preferences > Mouse 2. Click on "help" icon on lower left of window 3. Actual results: SELinux troubleshooter window opens; icon at top right of screen also indicates "AVC-denial" Expected results: Additional info: Full text of setroubleshoot browser window: Summary SELinux is preventing gnome-help from changing a writable memory segment executable. Detailed Description The gnome-help application attempted to change the access protection of memory (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If gnome-help does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. Allowing Access If you trust gnome-help to run correctly, you can change the context of the executable to execmem_exec_t. "chcon -t execmem_exec_t '/usr/bin/yelp'". You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t execmem_exec_t '/usr/bin/yelp'" Fix Command chcon -t execmem_exec_t '/usr/bin/yelp' Additional Information Source Context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Target Context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Target Objects: None [ process ] Source: yelp Source Path: /usr/bin/yelp Port: <Unknown> Host: ****** Source RPM Packages: yelp-2.26.0-3.fc11 Target RPM Packages: Policy RPM: selinux-policy-3.6.12-50.fc11 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: allow_execmem Host Name: ***** Platform: Linux ***** 2.6.29.4-167.fc11.i586 #1 SMP Wed May 27 17:14:37 EDT 2009 i686 i686 Alert Count: 12 First Seen: Thu 18 Jun 2009 10:39:25 PM EDT Last Seen: Thu 25 Jun 2009 12:57:04 PM EDT Local ID: 1e0b56e4-dcfb-41ee-b2a5-e3ecd8f8ced5 Line Numbers: Raw Audit Messages : node=***** type=AVC msg=audit(1245949024.326:28): avc: denied { execmem } for pid=6169 comm="gnome-help" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process node=***** type=SYSCALL msg=audit(1245949024.326:28): arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=2000 a2=7 a3=22 items=0 ppid=1 pid=6169 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gnome-help" exe="/usr/bin/yelp" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) (Info that may personally identify me has been redacted.)
*** This bug has been marked as a duplicate of bug 507023 ***