Summary: SELinux is preventing thunderbird-bin from changing a writable memory segment executable. Detailed Description: The thunderbird-bin application attempted to change the access protection of memory (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. If thunderbird-bin does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Allowing Access: If you trust thunderbird-bin to run correctly, you can change the context of the executable to execmem_exec_t. "chcon -t execmem_exec_t '/usr/lib/thunderbird-3.0b2/thunderbird-bin'". You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t execmem_exec_t '/usr/lib/thunderbird-3.0b2/thunderbird-bin'" Fix Command: chcon -t execmem_exec_t '/usr/lib/thunderbird-3.0b2/thunderbird-bin' Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0 Target Objects None [ process ] Source thunderbird-bin Source Path /usr/lib/thunderbird-3.0b2/thunderbird-bin Port <Unknown> Host localhost.localdomain Source RPM Packages thunderbird-3.0-2.3.beta2.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-53.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name allow_execmem Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16 23:11:39 EDT 2009 i686 i686 Alert Count 8 First Seen Sun 12 Jul 2009 08:49:33 PM CEST Last Seen Sun 12 Jul 2009 08:49:51 PM CEST Local ID 5a6c7ebf-2a91-4450-bc06-11183ac4a95d Line Numbers Raw Audit Messages node=localhost.localdomain type=AVC msg=audit(1247424591.357:31388): avc: denied { execmem } for pid=2337 comm="thunderbird-bin" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process node=localhost.localdomain type=SYSCALL msg=audit(1247424591.357:31388): arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=2000 a2=7 a3=22 items=0 ppid=2333 pid=2337 auid=500 uid=500 gid=100 euid=500 suid=500 fsuid=500 egid=100 sgid=100 fsgid=100 tty=(none) ses=1 comm="thunderbird-bin" exe="/usr/lib/thunderbird-3.0b2/thunderbird-bin" subj=unconfined_u:unconfined_r:unconfined_t:s0 key=(null)
Did you install some extension or plugin that might be causing thunderbird to need this access?
The AVC denial came as soon as I upgraded from Fedora 10 to Fedora 11 via preupgrade. No new add-ons have been installed AFAIK. The AVC denial comes (always times 4) as soon as I start Thunderbird and before the window is visualized, but does not seem to be occurring during normal use. To be on the safe side, this is what I have installed on Thunderbird: Dictionaries: German, Dutch Themes: Default Languages: A bunch that comes by default with Fedora Plugins (which were actually installed for Firefox): Gecko Media Player 0.9.6, IcedTea Java Web Browser 1.5, Shockwave Flash 10.0 r22.
I would figure this is flash or java causing the problem. You can mark thunderbird as execmem_exec_t as the tool suggest.
Cpardy is reporting seeing this on gnome-help browser also. So I think this might be in a gnome library?
the commonality between yelp and thunderbird is that they both use xulrunner.
*** This bug has been marked as a duplicate of bug 512845 ***