Bug 525309 - setroubleshoot: SELinux is preventing /usr/libexec/pt_chown "mmap_zero" access on <Unknown>.
Summary: setroubleshoot: SELinux is preventing /usr/libexec/pt_chown "mmap_zero" ...
Keywords:
Status: CLOSED DUPLICATE of bug 517582
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: rawhide
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Andreas Schwab
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:a1dd85c09c3...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-23 21:21 UTC by Pablo Iranzo Gómez
Modified: 2009-09-25 08:29 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-25 08:29:00 UTC


Attachments (Terms of Use)

Description Pablo Iranzo Gómez 2009-09-23 21:21:18 UTC
The following was filed automatically by setroubleshoot:

Resúmen:

SELinux is preventing /usr/libexec/pt_chown "mmap_zero" access on <Unknown>.

Descripción Detallada:

[pt_chown es un tipo permisivo (unconfined_t). Este acceso no fue denegado.]

SELinux denied access requested by pt_chown. The current boolean settings do not
allow this access. If you have not setup pt_chown to require this access this
may signal an intrusion attempt. If you do intend this access you need to change
the booleans on this system to allow the access.

Permitiendo Acceso:

Confined processes can be configured to run requiring different access, SELinux
provides booleans to allow you to turn on/off access as needed. The boolean
mmap_low_allowed is set incorrectly.
Boolean Description:
Allow certain domains to map low memory in the kernel


Comando para Corregir:

# setsebool -P mmap_low_allowed 1

Información Adicional:

Contexto Fuente               unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Contexto Destino              unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Objetos Destino               None [ memprotect ]
Fuente                        pt_chown
Dirección de Fuente          /usr/libexec/pt_chown
Puerto                        <Desconocido>
Nombre de Equipo              (removed)
Paquetes RPM Fuentes          glibc-common-2.10.90-22
Paquetes RPM Destinos         
RPM de Políticas             selinux-policy-3.6.32-6.fc12
SELinux Activado              True
Tipo de Política             targeted
MLS Activado                  True
Modo Obediente                Enforcing
Nombre de Plugin              catchall_boolean
Nombre de Equipo              (removed)
Plataforma                    Linux (removed) 2.6.31-33.fc12.x86_64 #1 SMP
                              Thu Sep 17 15:40:43 EDT 2009 x86_64 x86_64
Cantidad de Alertas           3
Visto por Primera Vez         mar 22 sep 2009 14:29:23 CEST
Visto por Última Vez         mar 22 sep 2009 14:29:23 CEST
ID Local                      ac3c9a6e-d010-472d-98a7-a91faf152d87
Números de Línea            

Mensajes de Auditoría Crudos 

node=(removed) type=AVC msg=audit(1253622563.377:512): avc:  denied  { mmap_zero } for  pid=14833 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=AVC msg=audit(1253622563.377:512): avc:  denied  { mmap_zero } for  pid=14833 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=AVC msg=audit(1253622563.377:512): avc:  denied  { mmap_zero } for  pid=14833 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=SYSCALL msg=audit(1253622563.377:512): arch=c000003e syscall=125 success=yes exit=0 a0=7fffbc8c6014 a1=0 a2=7fffba5e4e80 a3=7fff256be150 items=0 ppid=3788 pid=14833 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="pt_chown" exe="/usr/libexec/pt_chown" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= unconfined_t ==============
allow unconfined_t self:memprotect mmap_zero;

Comment 1 Andreas Schwab 2009-09-25 08:29:00 UTC

*** This bug has been marked as a duplicate of bug 517582 ***


Note You need to log in before you can comment on or make changes to this bug.