Summary: SELinux is preventing firefox (mozilla_t) "execmem" to <Unknown> (mozilla_t). Detailed Description: SELinux denied access requested by firefox. The current boolean settings do not allow this access. If you have not setup firefox to require this access this may signal an intrusion attempt. If you do intend this access you need to change the booleans on this system to allow the access. Allowing Access: Confined processes can be configured to to run requiring different access, SELinux provides booleans to allow you to turn on/off access as needed. The boolean allow_execmem is set incorrectly. Boolean Description: Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") Fix Command: # setsebool -P allow_execmem 1 Additional Information: Source Context xguest_u:xguest_r:mozilla_t:s0 Target Context xguest_u:xguest_r:mozilla_t:s0 Target Objects None [ process ] Source firefox Source Path /usr/lib/firefox-3.5.3/firefox Port <Unknown> Host (removed) Source RPM Packages firefox-3.5.4-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-85.fc11 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall_boolean Host Name (removed) Platform Linux (removed) 2.6.30.9-90.fc11.i686.PAE #1 SMP Sat Oct 17 11:24:32 EDT 2009 i686 i686 Alert Count 56 First Seen St 28. október 2009, 13:18:12 CET Last Seen Št 29. október 2009, 10:42:23 CET Local ID 8a9c383b-3c4a-4b64-add8-6147702f2bea Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1256809343.340:47): avc: denied { execmem } for pid=2539 comm="firefox" scontext=xguest_u:xguest_r:mozilla_t:s0 tcontext=xguest_u:xguest_r:mozilla_t:s0 tclass=process node=(removed) type=SYSCALL msg=audit(1256809343.340:47): arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=2000 a2=7 a3=22 items=0 ppid=2524 pid=2539 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="firefox" exe="/usr/lib/firefox-3.5.4/firefox" subj=xguest_u:xguest_r:mozilla_t:s0 key=(null) Hash String generated from selinux-policy-3.6.12-85.fc11,catchall_boolean,firefox,mozilla_t,mozilla_t,process,execmem audit2allow suggests: #============= mozilla_t ============== allow mozilla_t self:process execmem;
*** This bug has been marked as a duplicate of bug 538428 ***