Summary: Your system may be seriously compromised! /usr/sbin/nscd attempted to mmap low kernel memory. Detailed Description: [nscd has a permissive type (nscd_t). This access was not denied.] SELinux has denied the nscd the ability to mmap low area of the kernel address space. The ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr. Preventing such mappings helps protect against exploiting null deref bugs in the kernel. All applications that need this access should have already had policy written for them. If a compromised application tries modify the kernel this AVC would be generated. This is a serious issue. Your system may very well be compromised. Allowing Access: Contact your security administrator and report this issue. Additional Information: Source Context system_u:system_r:nscd_t:s0 Target Context system_u:system_r:nscd_t:s0 Target Objects None [ memprotect ] Source nscd Source Path /usr/sbin/nscd Port <Unknown> Host (removed) Source RPM Packages nscd-2.11-2 Target RPM Packages Policy RPM selinux-policy-3.6.32-41.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name mmap_zero Host Name (removed) Platform Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue Sep 29 16:16:22 EDT 2009 x86_64 x86_64 Alert Count 6 First Seen Thu 19 Nov 2009 02:56:58 PM CET Last Seen Thu 19 Nov 2009 02:56:58 PM CET Local ID f359a32f-9bcd-4419-a64c-97562f855796 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1258639018.274:88): avc: denied { mmap_zero } for pid=5025 comm="nscd" scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:system_r:nscd_t:s0 tclass=memprotect node=(removed) type=AVC msg=audit(1258639018.274:88): avc: denied { mmap_zero } for pid=5025 comm="nscd" scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:system_r:nscd_t:s0 tclass=memprotect node=(removed) type=AVC msg=audit(1258639018.274:88): avc: denied { mmap_zero } for pid=5025 comm="nscd" scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:system_r:nscd_t:s0 tclass=memprotect node=(removed) type=SYSCALL msg=audit(1258639018.274:88): arch=c000003e syscall=125 success=yes exit=0 a0=7fff9faab1f4 a1=0 a2=171 a3=24 items=0 ppid=5024 pid=5025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-41.fc12,mmap_zero,nscd,nscd_t,nscd_t,memprotect,mmap_zero audit2allow suggests: #============= nscd_t ============== allow nscd_t self:memprotect mmap_zero;
*** This bug has been marked as a duplicate of bug 525537 ***