The following was filed automatically by setroubleshoot:

Résumé:

SELinux is preventing /usr/libexec/pt_chown "mmap_zero" access on <Unknown>.

Description détaillée:

[pt_chown has a permissive type (unconfined_t). This access was not denied.]

SELinux denied access requested by pt_chown. The current boolean settings do not
allow this access. If you have not setup pt_chown to require this access this
may signal an intrusion attempt. If you do intend this access you need to change
the booleans on this system to allow the access.

Autoriser l'accès:

Confined processes can be configured to run requiring different access, SELinux
provides booleans to allow you to turn on/off access as needed. The boolean
mmap_low_allowed is set incorrectly.
Boolean Description:
Allow certain domains to map low memory in the kernel


Commande de correction:

# setsebool -P mmap_low_allowed 1

Informations complémentaires:

Contexte source               unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Contexte cible                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Objets du contexte            None [ memprotect ]
source                        pt_chown
Chemin de la source           /usr/libexec/pt_chown
Port                          <Inconnu>
Hôte                         (removed)
Paquetages RPM source         glibc-common-2.10.90-24
Paquetages RPM cible          
Politique RPM                 selinux-policy-3.6.32-12.fc12
Selinux activé               True
Type de politique             targeted
MLS activé                   True
Mode strict                   Enforcing
Nom du plugin                 catchall_boolean
Nom de l'hôte                (removed)
Plateforme                    Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue
                              Sep 29 16:16:22 EDT 2009 x86_64 x86_64
Compteur d'alertes            3
Première alerte              mer. 30 sept. 2009 20:15:40 CEST
Dernière alerte              mer. 30 sept. 2009 20:15:40 CEST
ID local                      c71fda22-e7a7-4643-97b8-9ba6e22fce37
Numéros des lignes           

Messages d'audit bruts        

node=(removed) type=AVC msg=audit(1254334540.70:19): avc:  denied  { mmap_zero } for  pid=2372 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=AVC msg=audit(1254334540.70:19): avc:  denied  { mmap_zero } for  pid=2372 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=AVC msg=audit(1254334540.70:19): avc:  denied  { mmap_zero } for  pid=2372 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=SYSCALL msg=audit(1254334540.70:19): arch=c000003e syscall=125 success=yes exit=0 a0=7fff9190b014 a1=0 a2=7fff90c83e80 a3=7fff111c64a0 items=0 ppid=2371 pid=2372 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="pt_chown" exe="/usr/libexec/pt_chown" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-12.fc12,catchall_boolean,pt_chown,unconfined_t,unconfined_t,memprotect,mmap_zero
audit2allow suggests:

#============= unconfined_t ==============
allow unconfined_t self:memprotect mmap_zero;