Description of problem: SELinux is preventing maxima from changing the access protection of memory on the heap. Version-Release number of selected component (if applicable): maxima-5.17.1-7.fc11.i586 maxima-gui-5.17.1-7.fc11.i586 maxima-runtime-gcl-5.17.1-7.fc11.i586 How reproducible: Every time wxMaxima is started. Steps to Reproduce: 1. launch Application->Programming->wxMaxima 2. 3. Actual results: Appliation does start and appears to be operational. SELinux troubleshooter icon appears in desktop bar. Expected results: Application should work within SELinux not violate it. Additional info: Summary: SELinux is preventing maxima from changing the access protection of memory on the heap. Detailed Description: The maxima application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. If maxima does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Allowing Access: If you want maxima to continue, you must turn on the allow_execheap boolean. Note: This boolean will affect all applications on the system. Fix Command: setsebool -P allow_execheap=1 Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects None [ process ] Source maxima Source Path /usr/lib/maxima/5.17.1/binary-gcl/maxima Port <Unknown> Host localhost.localdomain Source RPM Packages maxima-runtime-gcl-5.17.1-7.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-53.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name allow_execheap Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.29.5-191.fc11.i686.PAE #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686 i686 Alert Count 1 First Seen Fri 03 Jul 2009 08:37:31 AM EDT Last Seen Fri 03 Jul 2009 08:37:31 AM EDT Local ID cf480bd4-9173-40be-81bf-6cd249104cd9 Line Numbers Raw Audit Messages node=localhost.localdomain type=AVC msg=audit(1246624651.464:24): avc: denied { execheap } for pid=8204 comm="maxima" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process node=localhost.localdomain type=SYSCALL msg=audit(1246624651.464:24): arch=40000003 syscall=125 per=40000 success=no exit=-13 a0=9e06000 a1=47ac000 a2=7 a3=1 items=0 ppid=8199 pid=8204 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="maxima" exe="/usr/lib/maxima/5.17.1/binary-gcl/maxima" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
*** This bug has been marked as a duplicate of bug 496124 ***
Quick-n-diryt workaround is to use a different maxima-runtime pkg, suggestion is yum install maxima-runtime-sbcl