The following was filed automatically by setroubleshoot: Résumé: SELinux is preventing /usr/bin/liferea from changing a writable memory segment executable. Description détaillée: [liferea has a permissive type (unconfined_t). This access was not denied.] The liferea application attempted to change the access protection of memory (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests (http://people.redhat.com/drepper/selinux-mem.html) web page explains how to remove this requirement. If liferea does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. Autoriser l'accès: If you trust liferea to run correctly, you can change the context of the executable to execmem_exec_t. "chcon -t execmem_exec_t '/usr/bin/liferea'". You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t execmem_exec_t '/usr/bin/liferea'" Commande de correction: chcon -t execmem_exec_t '/usr/bin/liferea' Informations complémentaires: Contexte source unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Contexte cible unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Objets du contexte None [ process ] source liferea Chemin de la source /usr/bin/liferea Port <Inconnu> Hôte (removed) Paquetages RPM source liferea-1.6.0-0.fc12 Paquetages RPM cible Politique RPM selinux-policy-3.6.31-3.fc12 Selinux activé True Type de politique targeted MLS activé True Mode strict Enforcing Nom du plugin allow_execmem Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31-2.fc12.x86_64 #1 SMP Thu Sep 10 00:25:40 EDT 2009 x86_64 x86_64 Compteur d'alertes 1 Première alerte sam. 12 sept. 2009 09:25:47 CEST Dernière alerte sam. 12 sept. 2009 09:25:47 CEST ID local b22c2187-df6f-4bc5-bfec-553ecfd5dff8 Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1252740347.693:496): avc: denied { execmem } for pid=2114 comm="liferea" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process node=(removed) type=SYSCALL msg=audit(1252740347.693:496): arch=c000003e syscall=9 success=yes exit=140534071214080 a0=0 a1=4000 a2=5 a3=22 items=0 ppid=2015 pid=2114 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="liferea" exe="/usr/bin/liferea" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= unconfined_t ============== allow unconfined_t self:process execmem;
Liferea should not require execmem. This is a dangerous permission and should be fixed. http://people.redhat.com/~drepper/selinux-mem.html
*** This bug has been marked as a duplicate of bug 516057 ***