Summary:

SELinux is preventing pt_chown (unconfined_t) "mmap_zero" to <Unknown> (unconfined_t).

Detailed Description:

SELinux denied access requested by pt_chown. The current boolean settings do not allow this access. If you have not setup pt_chown to require this access this may signal an intrusion attempt. If you do intend this access you need to change the booleans on this system to allow the access.

Allowing Access:

Confined processes can be configured to to run requiring different access, SELinux provides booleans to allow you to turn on/off access as needed. The boolean allow_unconfined_mmap_low is set incorrectly.

Boolean Description:
Allow unconfined domain to map low memory in the kernel

Fix Command:
# setsebool -P allow_unconfined_mmap_low 1

Additional Information:

Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                None [ memprotect ]
Source                        pt_chown
Source Path                   /usr/libexec/pt_chown
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           glibc-common-2.10.1-5
Target RPM Packages
Policy RPM                    selinux-policy-3.6.12-85.fc11
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall_boolean
Host Name                     (removed)
Platform                      Linux (removed) 2.6.30.8-64.fc11.x86_64 #1 SMP Fri Sep 25 04:43:32 EDT 2009 x86_64 x86_64
Alert Count                   3
First Seen                    Mon 19 Oct 2009 07:15:00 PM CEST
Last Seen                     Mon 19 Oct 2009 07:15:00 PM CEST
Local ID                      cffcb45f-fddb-42cd-af37-aa5bc80ecd0e
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1255972500.61:16): avc: denied { mmap_zero } for pid=2689 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=AVC msg=audit(1255972500.61:16): avc: denied { mmap_zero } for pid=2689 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=AVC msg=audit(1255972500.61:16): avc: denied { mmap_zero } for pid=2689 comm="pt_chown" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect

node=(removed) type=SYSCALL msg=audit(1255972500.61:16): arch=c000003e syscall=125 success=no exit=-14 a0=7fffcafd7014 a1=0 a2=7fffc8ab8e80 a3=7fff7979f150 items=0 ppid=2639 pid=2689 auid=501 uid=501 gid=501 euid=0 suid=0 fsuid=0 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="pt_chown" exe="/usr/libexec/pt_chown" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash String generated from selinux-policy-3.6.12-85.fc11,catchall_boolean,pt_chown,unconfined_t,unconfined_t,memprotect,mmap_zero

audit2allow suggests:

#============= unconfined_t ==============
#!!!! This avc can be allowed using the boolean 'mmap_low_allowed'

allow unconfined_t self:memprotect mmap_zero;

*** This bug has been marked as a duplicate of bug 560216 ***