Summary: Your system may be seriously compromised! /usr/sbin/rpc.rquotad attempted to mmap low kernel memory. Detailed Description: [rpc.rquotad has a permissive type (rpcd_t). This access was not denied.] SELinux has denied the rpc.rquotad the ability to mmap low area of the kernel address space. The ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. All applications that need this access should have already had policy written for them. If a compromised application tries modify the kernel this AVC would be generated. This is a serious issue. Your system may very well be compromised. Allowing Access: Contact your security administrator and report this issue. Additional Information: Source Context system_u:system_r:rpcd_t:s0 Target Context system_u:system_r:rpcd_t:s0 Target Objects None [ memprotect ] Source rpc.rquotad Source Path /usr/sbin/rpc.rquotad Port <Unknown> Host (removed) Source RPM Packages quota-3.17-8.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-35.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name mmap_zero Host Name (removed) Platform Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue Sep 29 16:16:22 EDT 2009 x86_64 x86_64 Alert Count 1 First Seen Thu 29 Oct 2009 10:16:26 PM EDT Last Seen Thu 29 Oct 2009 10:16:26 PM EDT Local ID 64d16b14-780a-40e3-94f9-b4e07c85298b Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1256868986.454:22771): avc: denied { mmap_zero } for pid=5464 comm="rpc.rquotad" scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=memprotect node=(removed) type=SYSCALL msg=audit(1256868986.454:22771): arch=c000003e syscall=179 success=yes exit=0 a0=580500 a1=0 a2=0 a3=0 items=0 ppid=5463 pid=5464 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc.rquotad" exe="/usr/sbin/rpc.rquotad" subj=system_u:system_r:rpcd_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-35.fc12,mmap_zero,rpc.rquotad,rpcd_t,rpcd_t,memprotect,mmap_zero audit2allow suggests: #============= rpcd_t ============== allow rpcd_t self:memprotect mmap_zero;
*** This bug has been marked as a duplicate of bug 528581 ***